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Abstract 

The  security  of  ad  hoc  wireless  networks  has  become  a  focal  point  of  the  military 
communications  research  community.  A  Mobile  Ad  Hoc  Network  (MANET)  is  an 
autonomous  collection  of  mobile  nodes  that  communicate  over  relatively  bandwidth 
constrained,  wireless  links.  Since  MANETs  require  no  existing  communication 
infrastructure,  they  offer  significant  advantages  in  their  scalability  and  flexibility.  These 
attributes  make  MANETs  extremely  attractive  for  specialized  application  environments 
such  as  those  encountered  on  the  battlefield,  in  emergency  situations,  and  in  disaster 
areas.  Unfortunately,  MANETs  also  exhibit  significant  weaknesses  in  security  when 
compared  to  other  wireless  communication  solutions.  They  are  subject  to  localized 
attacks  and  suffer  from  vulnerabilities  inherent  to  their  structure  and  topology. 

The  use  of  a  Public  Key  Infrastructure  (PKI)  offers  a  cryptographic  solution  that  can 
overcome  many,  but  not  all,  of  the  MANET  security  problems.  One  of  the  most  critical 
aspects  of  a  PKI  system  is  how  well  it  implements  Key  Management.  Key  Management 
deals  with  key  generation,  key  storage,  key  distribution,  key  updating,  key  revocation, 
and  certificate  service  in  accordance  with  security  policies  over  the  lifecycle  of  the 
cryptography.  While  traditional  PKI  solutions  work  well  in  fixed  wired  networks,  they 
may  not  be  appropriate  for  MANETs  due  to  the  lack  of  a  fixed  infrastructure  to  support 
the  PKI.  In  this  research,  we  investigate  key  management  within  PKI  implementations  in 
wireless  networks  to  identify  critical  factors  and  best  practices  to  secure  these  networks. 
Recommendations  will  be  made  for  deploying  secure  MANETs  based  upon  the  research 
findings. 
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FACTORS  IMPACTING  KEY  MANAGEMENT  EFFECTIVENESS  IN 


SECURED  WIRELESS  NETWORKS 

I.  Introduction 

1.1.  Background 

Advances  in  microelectronic  technologies  and  reduced  systems  costs  have  resulted  in 
the  proliferation  of  low  cost,  wireless  communication  systems  across  a  wide  range  of 
commercial  and  military  communication  solutions.  In  some  cases,  there  is  a  need  for  the 
rapid  deployment  of  independent  mobile  users  working  together  towards  a  common  goal. 
Examples  include  establishing  survivable,  efficient,  dynamic  communication  for 
emergency/rescue  operations,  disaster  relief  efforts,  and  military  networks.  In  many  of 
these  situations,  cryptography  may  be  employed  to  insure  the  confidentiality  and  integrity 
of  the  information  carried  in  the  network. 

Key  management  is  a  fundamental  part  of  any  cryptography  system  used  to  secure  a 
communications  network.  The  effectiveness  of  a  cryptography  system  largely  depends 
on  the  security,  robustness,  and  efficiency  of  the  Key  Management  System.  Specifically, 
Key  Management  deals  with  key  generation,  key  storage,  key  distribution,  key  updating, 
key  revocation,  and  certificate  services,  in  accordance  with  security  policies  defined  by 
the  organization  using  the  secure  network  (Bing,  2005). 

A  Key  Management  System  (KMS)  is  the  collective  policy,  practices,  and 
procedures  that  are  dictate  the  creation,  distribution,  and  management  of  encryption  keys. 
For  this  reason,  the  security  and  integrity  of  the  KMS  are  fundamental  aspects  of  a  secure 
communications  network  (Hadjichristofi,  2005).  An  effective  KMS  provides  high 
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service  availability  in  distributed  networks  and  requires  minimal  pre-configuration  during 
the  network  deployment.  Security  services  based  on  cryptographic  mechanisms  assume 
cryptographic  keys  to  be  securely  distributed  to  the  communicating  parties  otherwise  the 
protection  provided  by  the  cryptography  can  be  compromised.  Secure  key  management 
is  one  of  the  most  critical  elements  when  integrating  cryptographic  functions  into  a 
system,  since  even  the  most  elaborate  security  concept  will  be  ineffective  if  the  key 
management  is  weak. 

A  Mobile  Ad  Hoc  Network  (MANET)  is  an  autonomous  collection  of  mobile  users 
that  communicate  over  relatively  bandwidth  constrained  wireless  links  (NISTMAN, 
2005).  One  unique  aspect  is  that  the  MANET  is  fonned  dynamically  and  will  often 
employ  a  multi-hop  routing  communication  scheme.  Since  the  network  topology  may 
change  rapidly  and  unpredictably  over  time,  each  node  must  incorporate  a 
communication  routing  protocol  that  facilitates  network  discovery,  insures  message 
delivery,  and  detects  and  reroutes  failed  message  delivery  attempts.  Since  the  networks 
are  fonned  dynamically,  each  node  should  communicate  with  other  nodes  within  its 
range  and  collect  and  distribute  this  information  across  the  network.  The  major 
advantage  of  this  type  of  network  is  the  self-organizing  property  which  eliminates  the 
need  for  a  fixed  infrastructure  found  in  other  wireless-based  networking  solutions.  The 
set  of  applications  for  MANETs  is  diverse,  ranging  from  small,  static  networks  that  are 
constrained  by  power  sources,  to  large-scale,  mobile,  highly  dynamic  networks.  Since 
MANETs  are  extremely  flexible  and  scalable  they  are  ideal  for  establishing 
communications  in  scenarios  where  there  is  no  existing  communications  infrastructure. 
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Further,  since  the  range  of  the  communications  network  is  limited,  it  appears  to  be  an 
ideal  solution  for  several  military  applications. 

A  security  concern  in  wireless  networks  is  that  they  are  more  readily  prone  to 
eavesdropping  than  a  wired  network,  as  there  is  no  physical  protection  of  the  medium. 
Moreover,  every  node  in  MANET  has  increased  responsibility  in  comparison  to  a  node  in 
a  traditional  fixed  or  mobile  network  because  every  node  in  MANET  also  serves  as  a 
router.  The  responsibility  each  node  incurs  increases  the  need  for  security  measures  to 
assure  the  confidentiality  and  integrity  of  each  node.  If  a  MANET  node  is  compromised, 
it  is  possible  it  can  act  as  a  gateway  to  corrupt  the  entire  network.  Further,  in  some  of  the 
potential  MANET  application  domain,  such  as  those  found  in  the  military  or  law 
enforcement,  security  of  the  communications  is  a  critical  requirement.  Moreover,  even  in 
conventional  networks  that  do  not  require  absolute  confidentiality,  the  general  public 
often  demand  privacy  to  keep  their  private  infonnation  secure. 

1.2.  Problem  Statement 

With  the  rapid  growth  of  Internet  and  wireless  network  technologies,  many 
communication  services  have  become  the  focus  for  future  developments  in  the  military 
operations,  law  enforcement,  and  disaster  response  domains.  Since  both  Internet  and 
wireless  communications  are  transported  over  what  is  considered  insecure  transmission 
media,  the  messages  have  to  be  encrypted  to  prevent  eavesdroppers  or  unauthorized  users 
from  capturing  the  messages.  Therefore,  secure  communications  has  become  a  critical 
design  factor  when  designing  networks  for  the  future  (Tseng,  2003).  However,  there  are 
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no  established  guidelines  that  identify  best  practices  for  deploying  secure 
communications  in  new  network  topologies  such  MANET. 

Security  services  based  on  cryptographic  mechanisms  assume  cryptographic  keys 
will  be  distributed  to  the  communicating  parties  prior  to  secure  communications.  The 
secure  management  of  these  keys  is  one  of  the  most  critical  elements  when  integrating 
cryptographic  functions  into  a  system,  since  even  the  most  elaborate  security  concept  will 
be  ineffective  if  the  key  management  is  weak  (Fumy,  1993).  Key  Management  is  the 
most  critical  factor  of  secure  communication  regardless  of  the  application.  Designing 
and  implementing  any  kind  of  security  mechanism  requires  a  shared  secret  (usually  called 
the  cryptographic  key)  to  construct  a  trust  relationship  between  two  or  more 
communicating  parties.  Managing  these  cryptographic  keys  play  a  vital  role  in  providing 
reliable,  robust,  and  secure  communication  (Budakoglu,  2004). 

Existing  key  management  solutions  are  primarily  developed  based  on 
conventional  network  topologies  which  are  fixed  and  wired.  In  such  networks,  the 
infrastructure  provided  supports  the  underlying  mechanisms  required  for  effective  key 
management.  In  contrast,  wireless  ad  hoc  networks  by  definition  have  no  fixed 
infrastructure  elements.  Moreover,  the  nodes  of  wireless  ad  hoc  networks,  especially 
sensor  network,  have  several  limitations  such  as  memory  storage  and  computational 
capabilities.  These  inherent  disadvantages  make  it  difficulty  to  employ  the  tradition 
solution  such  as  the  solution  based  on  a  Public  Key  Infrastructure  (PKI). 

The  nodes  in  a  wireless  ad  hoc  network  are  vulnerable  to  variety  of  potential 
attacks.  An  adversary  only  needs  to  identify  and  corrupt  a  single  weak  node  to  potentially 
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disrupt  the  whole  network.  One  way  to  mitigate  this  threat  is  to  implement  a 
cryptographic  solution  with  strong  key  management. 

1.3.  Research  Question 

The  purpose  of  this  study  is  to  identify  and  assess  existing  key  management 
techniques  used  to  secure  wireless  communication  network.  The  analysis  will  identify 
the  strengths  and  weaknesses  inherent  in  each  of  the  key  management  techniques.  This 
research  will  also  identify  critical  factors  related  to  key  management  that  influence 
organizational  acceptance  of  cryptography  technology  in  secure  communication  network. 
It  is  believed  that  the  identification  of  these  factors  will  provide  guidelines  for  the 
successful  implementation  of  other  wireless  secure  communications  network  such  as 
MANET. 

In  order  to  satisfy  the  objective  of  this  study,  the  primary  research  question  is  “What 
are  the  factors  impacting  Key  Management  effectiveness  in  secured  wireless  networks?” 
It  is  hoped  that  by  answering  this  question,  we  can  recommend  guidelines  and  best 
practices  for  securing  MANETs. 

In  addition,  there  are  five  investigative  questions  which  allow  us  to  effectively 
answer  the  primary  research  question. 

1)  What  are  the  characteristics  of  various  secure  wireless  communications? 

2)  What  are  the  most  common  problems  encountered  when  implementing  a  secure 
wireless  network? 

3)  What  are  the  critical  success  factors  in  deployment  of  a  secure  wireless  network? 

4)  What  are  types  of  cryptography  are  used  to  secure  wireless  network? 
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5)  What  is  the  advantages/weakness  of  each  cryptography  technique? 

1.4.  Methodology 

The  research  conducted  in  this  thesis  uses  a  hybrid  research  methodology.  A 
content  analysis  research  methodology  is  used  to  examine  all  literature  related  to  secure 
network  deployment  and  to  compare  and  contrast  the  key  characteristics  of  secure 
communication  networks.  A  case  study  methodology  is  employed  to  examine  secure 
network  implementations  in  detail  and  to  validate  the  key  characteristics  identified  in  the 
content  analysis.  Multiple  databases  will  be  queried  in  order  to  discover  all  relevant 
literature  related  to  the  key  management  aspects  of  securing  wireless  networks.  Based  on 
the  collected  and  evaluated  data,  critical  factors  in  key  management  impacting  of  the 
deployment  of  secure  wireless  networks  will  be  identified.  Finally,  a  comparative 
analysis  of  the  each  wireless  network  topology  will  be  conducted  in  order  to  provide  a 
better  understanding  of  securing  networks  so  that  guidelines  can  be  established  for 
mobile  ad  hoc  networks. 

1.5.  Scope  and  Limitations 

The  scope  of  this  research  study  is  the  implementation  of  secured  wireless 
communications.  In  this  study,  the  range  of  secure  communication  networks  examined 
includes  wireless  networks  (WNs),  wireless  sensor  networks  (WSNs),  and  mobile  ad-hoc 
networks  (MANETs). 

There  are  a  number  of  limitations  of  this  research.  First,  the  implementation  of 
the  hybrid  research  methodology  is  problematic  since  I  have  both  formulated  the  research 
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questions  and  conducted  the  categorization  of  references  myself  which  introduces 
research  bias.  Second,  there  is  a  lack  of  substantial  information  available  on  MANET 
implementations.  This  is  primary  a  consequence  of  the  infancy  of  the  MANET 
technology.  Third,  I  am  unable  to  obtain  some  of  the  classified  references  due  to  my 
status  as  an  international  student.  Therefore,  I  will  analyze  all  of  the  unclassified 
references  related  to  securing  wireless  related  network  topologies  and  infer  guidelines 
and  best  practices  in  MANETs.  Finally,  I  will  focus  my  research  on  Key  Management 
issues  rather  than  the  underlying  technical  and  mathematical  details  of  the  cryptography 
used  in  securing  a  network.  This  research  will  survey,  provide  an  overview,  and  analyze 
the  literature  related  to  key  management  aspects  of  securing  WNs,  WSNs,  and  MANETs. 

1.6.  Thesis  Overview 

In  this  chapter,  I  have  provided  a  brief  introduction  of  the  issues  related  to  securing 
wireless  networks.  The  remainder  of  the  paper  is  organized  as  follows.  Chapter  2 
presents  a  literature  review  of  all  key  management  related  secure  wireless  network 
literature.  This  chapter  explains  the  basic  concept  of  cryptography  including  key 
management  in  a  secure  communications  environment.  Chapter  3  describes  the  hybrid 
methodology  used  in  this  study  in  order  to  answer  the  research  questions.  In  chapter  4, 
we  provide  a  detailed  analysis  of  Key  Management  techniques  and  discuss  their 
implementation  in  a  secure  wireless  communication  network.  Chapter  5  provides  a 
detailed  summary  of  the  analysis  conducted  and  provides  conclusions  and 
recommendations  for  future  research. 
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II.  Literature  Review 


2.1.  Overview 

In  this  chapter,  we  examine  all  existing  literature  related  to  securing  wireless 
networks.  The  objective  of  this  chapter  is  to  provide  common  understanding  of  wireless 
network  environment,  security,  and  key  management.  This  chapter  will  introduce  the 
concept  of  a  secure  network,  introduce  the  basic  concepts  of  symmetric  and  asymmetric 
cryptography,  and  discuss  the  importance  of  a  Pubic  Key  Infrastructure  (PKI)  and  its 
relation  to  key  management.  The  literature  review  provides  the  necessary  background 
information  to  understand  the  importance  of  key  management  in  a  secured  wireless 
network  environment. 

2.2.  The  Secured  Wireless  Communications  Network  Environment 
2.2.1.  Wireless  Networks  (WNs) 

The  future  of  communications  has  dramatically  changed  as  the  result  of  the 
deployment  of  low  cost,  wireless  communications  technology.  The  integration  of  wired 
and  wireless  networks  has  enabled  new  collaborative  communication  capabilities  that 
link  military  sensors  in  theater  with  command  and  control  systems  located  thousands  of 
miles  away.  Large  numbers  of  entities  participating  in  these  communications  require  the 
use  of  efficient  methods  of  securing  network  in  order  to  reduce  network  congestion 
(Kostas,  2003). 
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There  has  been  a  rapid  development  in  high-speed  computing  and  communication, 
miniaturization  of  computers,  and  deployment  of  wireless  communication  infrastructures. 
Today,  Wireless  Local  Area  Networks  (WLANs)  are  rapidly  and  widely  accepted  as  a 
complementary  technology  to  high-speed  wired  LAN  technologies  and  various  cellular 
networks.  WLANs  have  experienced  an  amazing  development  and  a  rapid  growth. 
Advances  in  these  technologies  have  engendered  a  new  paradigm  of  computing  providing 
flexibility  in  accessing  information  anywhere  and  at  any  time.  For  a  wider  acceptance, 
WLAN  technologies  should  evolve  such  that  they  support  QoS  (Quality-of-Service) 
provisioning,  secure  communications,  integration  with  other  wireless  networks,  power 
conservation,  seamless  mobility  support  and  a  fair  bandwidth  sharing  (Labiod,  2004). 

In  wireless  networks,  where  the  error  rate  is  high  and  the  bandwidth  is  limited,  the 
design  of  key  management  schemes  should  focus  on  reducing  the  communication  burden 
associated  with  key  updating.  A  global  wireless  infrastructure  will  free  users  from  the 
confines  of  static  communication  networks.  Users  will  be  able  to  access  the  Internet  from 
anywhere  at  anytime.  As  wireless  connections  become  ubiquitous,  users  will  desire  to 
have  secure  applications  running  on  their  mobile  devices  (Yan,  2004). 

Network  security  has  received  critical  attention  from  various  areas.  As  the  data 
network  becomes  more  pervasive  and  its  scale  becomes  larger,  network  intrusion  and 
attacks  have  become  larger  threats  to  network  users.  This  is  especially  true  for  the 
emerging  wireless  data  networks.  Compared  to  their  wired  counterpart,  wireless 
networks  are  especially  prone  to  security  attacks  ranging  from  passive  eavesdropping  to 
active  interfering.  It  is  difficult  to  protect  against  intrusions  in  the  wireless  environment 
and  occasional  intrusions  in  a  large  scale  mobile  network  are  inevitable  over  long  periods 
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of  time  (Kong,  2001).  Because  of  wireless  links’  specific  characteristics,  new  security 
flaws  arise  within  a  WLAN.  The  necessity  of  securing  WLANs  has  led  to  a  consensus  on 
the  definition  of  newer,  more  robust  authentication  architectures.  (Bakirdan,  2003). 

2.2.2.  Wireless  Sensor  Networks  (WSNs) 

As  technology  advances  and  the  integration  of  low-power  radio,  computing  and 
sensor  technology  becomes  reality;  wireless  sensor  networks  (WSNs)  are  introduced  as 
new  type  of  wireless  networks.  These  networks  will  typically  consist  of  a  lot  of  ultra  low 
power  nodes,  with  limited  communication  means  and  CPU  power  (Kahn,  1999;  Rabaey, 
2000). 

Sensor  networks  consist  of  a  large  number  of  sensor  nodes  which  typically  have 
limited  resources.  They  are  used  to  monitor  buildings  and  industries,  and  they  can  also  be 
used  in  asset  tracking,  environmental  sensing,  etc.  Generally,  sensor  nodes  communicate 
with  each  other  through  wireless  communication;  therefore,  security  services  such  as 
encryption  and  authentication  are  required  to  prevent  eavesdropping,  alteration,  and 
spoofing  (Ito,  2005).  In  sensor  network,  there  are  many  applications  like  gathering 
distributed  information.  Typically,  the  low-power  sensors  which  scattered  over  the  area 
to  be  monitored  have  the  ability  to  gather  data,  and  process  and  forward  it  to  a  central 
node  for  further  processing  (Jolly,  2003). 

Wireless  sensor  networks  (WSNs)  consist  of  a  large  number  of  small  sensor  nodes 
equipped  with  limited  computation  capacity,  restricted  memory  space,  limited  power 
resource  and  short-range  radio  communication  device  (Zhen,  2005).  WSNs  can  be  used 
in  a  wide  range  of  applications,  including  military  sensing,  environment  monitoring, 
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collecting  vital  signs  of  patients,  smart  houses,  etc.  Most  of  these  applications  require 
high-leveled  security  for  WSN.  WSN  has  its  own  characteristics,  such  as  being  prone  to 
change;  being  limited  in  energy,  memory  and  computation  resources;  and  being  subject 
to  physical  attack.  These  characteristics  make  it  a  challenging  work  to  design  secure 
scheme  for  WSN  (RuiYing,  2005). 

Although  the  capacities  of  these  sensor  nodes  are  growing,  their  resources  are  still 
very  limited.  In  such  an  environment,  overheads  should  be  kept  to  a  strict  minimum, 
nodes  should  go  into  “sleep  mode”  to  save  energy,  and  security  protocols  should  follow 
the  same  “energy-focused”  design  and  consume  as  little  power  as  possible  (Seys,  2005). 

In  military  applications,  sensor  nodes  may  be  deployed  in  a  hostile  environment  such 
as  battlefield.  Security  is  challenges  for  wireless  sensor  networks,  because  an  adversary 
can  easily  gain  access  to  mission  critical  or  private  information  by  monitoring 
communications  between  sensor  nodes.  For  example,  an  adversary  may  try  to  eavesdrop 
on  confidential  traffic,  to  impersonate  nodes  to  insert  bogus  data,  and  to  cripple  nonnal 
network  operation  by  maliciously  modifying  routing  information.  In  order  to  protect 
WSNs  from  these  attacks,  communication  should  be  encrypted  and  authenticated. 
Therefore,  it  is  important  to  encrypt  communications  between  sensor  nodes  to  maintain 
confidentiality  (Zhen,  2005). 

2.2.3.  Mobile  Ad  Hoc  Network  (MANET) 

Mobile  ad  hoc  networks  (MANET)  are  special  type  of  wireless  networks  where 
mobile  hosts  in  wireless  network  may  form  a  temporary  network  without  the  aid  of  any 
fixed  and  centralized  infrastructure.  In  a  MANET,  nodes  within  their  wireless  ranges  can 
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communicate  with  each  other  directly,  assuming  that  all  nodes  have  the  same 
transmission  range.  On  the  other  hand,  nodes  outside  the  range  have  to  use  some  other 
intennediate  nodes  to  relay  messages  which  create  dynamic,  multi-hop  communication 
architecture.  In  such  a  communication,  the  packets  sent  by  source  host  are  relayed  by 
several  intennediate  hosts  before  reaching  the  destination  host  (Bing,  2005).  For  this 
reason,  every  node  plays  a  role  of  a  router  and  must  be  capable  of  dynamically  rerouting 
and  storing  messages  on  an  as  needed  basis.  In  order  for  this  network  architecture  to 
work,  there  must  be  a  common  protocol  that  all  nodes  use  to  achieve  reliable 
communications. 

In  MANETs,  the  need  for  pre-existing  infrastructure  is  not  required  because  each  of 
the  nodes  perform  all  network  services.  These  nodes  can  communicate  each  other 
autonomously.  The  error-prone  wireless  medium  and  frequent  link  breakage  caused  by 
node  mobility  make  the  connectivity  between  the  nodes  to  be  irregular.  A  fully  self- 
organized  MANET  allows  the  end-users  to  establish  the  network  solely  for  a  common 
purpose  in  an  ad  hoc  fashions.  For  example,  a  group  of  strangers  with  computing  devices 
who  have  never  met  before  might  create  a  self-organized  MANET  for  a  common 
purpose.  These  strangers  have  no  pre-existing  relationships  and  share  no  common  secret 
keying  material  on  their  nodes.  Thus,  users  within  this  network  have  to  establish  security 
associations  between  themselves  after  the  network  is  constructed  without  any  aid  of  a 
pre-shared  keying  material  or  any  form  of  trusted  third  party  (Merwe,  2005). 

Low  resource  availability  demands  efficient  resource  utilization  and  makes  it 
difficulty  to  use  complicate  authentication  and  encryption  algorithms.  Most  often,  limited 
power  storage  and  computational  capability  prevent  nodes  in  MANETs  to  utilize 
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enhanced  encryption  methodologies.  Conventional  PKI-based  authentication  and 
encryption  mechanisms  are  relatively  expensive  in  computational  power  to  generate  and 
verify  digital  signatures.  This  cost  often  prevents  their  practical  application  to  use  in 
MANETs.  Symmetric  key  technique  has  been  proven  to  be  more  efficient  due  to  less 
computational  complexity,  but  comes  with  the  cost  of  pre-sharing  a  secret  key  (Deng, 
2004). 

One  of  the  main  goals  of  this  research  is  to  determine  if  traditional  PKI-based 
cryptography  is  suitable  for  used  in  MANETs.  The  inherent  infrastructureless  nature  of 
MANETs  makes  it  hard  to  provide  the  capability  required  in  traditional  PKI 
implementations.  In  addition,  another  serious  problem  that  occurs  in  MANETs  is  the 
physical  vulnerability  of  the  nodes  themselves.  While  mobile  nodes  within  an 
infrastructure-based  wireless  networks  have  the  same  vulnerability,  they  easily  receive 
some  help  with  recovery  since  they  can  rely  on  the  infrastructure  for  detection  and 
remediation  of  compromised  nodes.  In  an  infrastructure-based  network,  infrastructure  has 
most  sensitive  infonnation  which  mobile  nodes  need  in  order  to  communicate  and  the 
mobile  nodes  manage  only  minimal  information.  In  a  MANET,  the  mobile  nodes  have  a 
higher  vulnerability  profile  since  there  is  no  stable  infrastructure  (Yi,  2002). 

Many  target  applications  for  MANETs  require  strong  communication  security  to 
operate.  Prime  examples  include  battlefield  communication  support,  law  enforcement 
communications,  and  disaster  recovery  operations  which  bring  together  large 
communities  of  diverse  organizations.  However,  the  same  infrastructureless  nature  of 
MANETs  that  makes  it  ideal  for  easy,  fast,  and  cost-effective  deployment  also  makes  it 
difficulty  to  support  secure  communications.  Many  security  solutions  rely  on  public  key 
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(asymmetric)  cryptography,  the  deployment  of  which  requires  the  effective  management 
of  digital  certificates  through  two  fundamental  services:  secure  binding  of  a 
cryptographic  key  to  an  entity  (e.g.  a  user,  a  mobile  node,  or  a  service)  and  the  validation 
of  such  bindings  to  other  entities.  Most  key  management  frameworks  and  other  security 
services  designed  for  wired  networks  and  infrastructure -based  wireless  networks  rely  on 
a  trusted  infrastructure  for  security-related  functions.  However,  in  an  ad  hoc  network 
without  any  infrastructure  support,  most  traditional  solutions  are  not  directly  applicable 
(Yi,  2004). 

MANETs  are  a  new  paradigm  of  wireless  communication  for  mobile  nodes.  In  a 
MANET,  there  is  no  fixed  infrastructure  such  as  base  stations  or  mobile  switching 
centers.  Mobile  nodes  that  are  within  each  other’s  radio  range  communicate  directly  via 
wireless  links,  while  those  that  are  far  apart  rely  on  other  nodes  to  relay  messages  as 
routers.  Node  mobility  in  an  ad  hoc  network  causes  frequent  changes  of  the  network 
topology.  Figure  1  shows  such  an  example:  initially,  nodes  A  and  D  have  a  direct  link 
between  them.  When  D  moves  out  of  A’s  radio  range,  the  link  is  broken.  However,  the 
network  is  still  connected,  because  A  can  reach  D  through  C,  E,  and  F.  Military  tactical 
operations  are  still  the  main  application  of  ad  hoc  networks  today.  For  example,  military 
units  (e.g.,  soldiers,  tanks,  or  planes)  equipped  with  wireless  communication  devices, 
could  fonn  an  ad  hoc  network  when  they  roam  in  a  battlefield.  Ad  hoc  networks  can  also 
be  used  for  emergency,  law  enforcement,  and  disaster  recovery  missions.  Since  an  ad  hoc 
network  can  be  deployed  rapidly  with  relatively  low  cost,  it  becomes  an  attractive  option 
for  commercial  uses  such  as  sensor  networks  or  virtual  classrooms  (Zhou,  1999). 
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(a)  (b) 

Figure  1.  Ad  Hoc  Mobile  Networks  (Zhou,  1999) 

Topology  change  in  ad  hoc  network:  nodes  A,  B ,  C,  D,  E,  and  F  constitute  and  ad  hoc 
network.  The  circle  represents  the  radio  range  of  node  A.  The  network  initially  has  the 
topology  in  (a).  When  node  D  moves  out  of  the  radio  range  of  A,  the  network  topology 
changes  to  the  one  in  (b). 


Wireless  ad  hoc  networks  have  been  proposed  to  support  dynamic  scenarios  where 
no  wired  infrastructure  exists  (Yi,  2001).  Most  ad  hoc  routing  protocols  are  cooperative 
by  nature  (Royer,  1999),  and  rely  on  implicit  trust-your-neighbor  relationships  to  route 
packets  among  participating  nodes.  This  naive  trust  model  allows  malicious  nodes  to 
paralyze  an  ad  hoc  network  by  inserting  erroneous  routing  updates,  replaying  old  routing 
information,  changing  routing  updates,  or  advertising  incorrect  routing  information 
(Marti,  2000).  While  these  attacks  are  possible  in  fixed  networks  as  well,  the  nature  of  the 
ad  hoc  environment  magnifies  their  effects,  and  makes  their  detection  difficult  (Zhang, 
2000). 
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Ad  hoc  networks  are  subject  to  various  kinds  of  attacks.  Wireless  communication 
links  can  be  eavesdropped  on  without  noticeable  effort  and  communication  protocols  on 
all  layers  are  vulnerable  to  specific  attacks.  In  contrast  to  wire-line  networks,  known 
attacks  like  masquerading,  man-in-the -middle,  and  replaying  of  messages  can  easily  be 
carried  out.  Moreover,  deploying  security  mechanisms  is  difficult  due  to  inherent 
properties  of  ad  hoc  networks,  such  as  the  high  dynamics  of  their  topology  (due  to 
mobility  and  joining/leaving  devices),  limited  resources  of  end  systems,  or  bandwidth- 
restricted  and  possibly  asymmetrical  communication  links  (Bechler,  2004). 

2.3.  Symmetric  vs.  Asymmetric  Cryptography 

Cryptography  is  a  method  of  storing  and  transmitting  data  in  a  form  that  only  those  it 
is  intended  for  can  read  and  process.  It  is  considered  the  science  of  protecting  infonnation 
by  encoding  it  into  an  unreadable  fonnat  for  later  decryption  only  by  authorized  parties. 
Cryptography  is  an  effective  way  of  protecting  sensitive  information  as  it  is  stored  on 
media  or  transmitted  through  untrusted  network  communication  paths  (Harris,  2003) 

Cryptography  techniques  are  used  to  enable  secure  communications  in  both  wired 
and  wireless  networks  (Bing,  2005).  Symmetric  key  cryptography  has  computation 
efficiency,  but  it  also  has  weaknesses  in  the  management  of  secret  keys.  Asymmetric  key 
cryptography  is  widely  used  because  of  its  simplicity  in  key  distribution.  However,  this 
technique  relies  on  a  centralized  infrastructure  and  is  resource  expensive. 

In  symmetric  key  techniques,  the  sender  and  recipient  have  pre-shared  a  secret  key, 
which  is  used  for  various  cryptographic  operations,  such  as  encryption,  decryption  and 
verification  of  message  authentication  data  (Dankers,  2002).  Thus,  parties  who  want  to 


16 


communicate  each  other  have  the  same  secret  key  in  order  to  encrypt  and  decrypt 
messages.  This  secret  key  must  be  exchanged  in  a  separate  out-of-band  procedure  prior 
to  the  intended  communication.  The  need  to  exchange  a  secret  key  prior  to  the  intended 
communication  complicates  the  security  for  transactions  between  entities  that  do  not  have 
a  pre-established  relationship.  Authentication  is  provided  by  proving  possession  of  the 
pre-shared  secret  key  to  each  other.  As  the  number  of  keys  grows,  the  administration  and 
management  of  secret  keys,  including  their  generation,  distribution,  renewal  and  storage, 
can  become  intractable.  For  each  pair  of  entities,  a  secret  key  has  to  be  created  and 

n(n  —  1) 

distributed,  so  that  for  a  group  n  entities  communicating  with  each  other - keys  are 


required  (Dankers,  2002).  Figure  2  shows  that  the  number  of  key  required  in  symmetric 
key  cryptography  system  grows  exponentially  with  the  number  of  users. 


*(*-!)  =  5d5-l)=1() 

2  2 

Figure  2.  The  Number  of  Keys  Required  in  Symmetric  Cryptography 


Because  of  the  need  for  pre-shared  secret  keys,  secret  key  based  solutions  scale 
poorly.  However,  a  major  advantage  of  symmetric  secret  key  techniques  is  that  they  are 
computationally  efficient  and  they  require  small  overhead  when  compared  to  asymmetric 
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key  techniques  (Dankers,  2002).  This  is  the  main  reason  why  many  applications 
currently  still  use  secret  key  mechanisms  for  communication  system.  Figure  3 
demonstrates  the  process  of  symmetric  key  cryptography. 


Figure  3.  A  Symmetric  Key  Cryptography  System 


Symmetric  key  cryptography  performs  encryption  and  decryption  with  a  single  key. 
The  security  of  this  system  is  thus  determined  by  protecting  the  "secret  key"  from 
disclosure.  As  such,  this  is  applicable  only  in  situations  where  the  distribution  of  the  key 
can  occur  in  a  secure  manner.  Many  applications  often  preclude  the  "safe"  distribution  of 
the  key,  and  so  symmetric-key  cryptography  is  often  used  in  tandem  with  asymmetric 
cryptography.  Examples  of  symmetric  cryptography  algorithms  include  DES,  3DES, 
Blowfish,  IDEA,  CAST128,  and  Arcfour. 

An  asymmetric  key  technique  is  used  for  public  key  cryptography  system  (Dankers, 
2002).  Usually  each  user  has  just  one  key  pair  consisting  of  a  public  key  and  a  private 
key.  One  of  the  keys  of  the  pair  is  made  publicly  available,  while  the  other  key  is  kept 
private.  Because  one  of  the  keys  is  available  publicly  there  is  no  need  for  a  pre-shared 
secret  key.  Note  that  restricting  distribution  of  the  public  key  can  be  used  to  enable 
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secure  communications  between  organizations  who  may  want  to  share  information 
securely  in  the  future.  However,  there  is  a  need  for  an  infrastructure  to  distribute  and 
manage  the  public  key  authentically.  Because  there  is  no  need  for  pre-existed  secrets 
prior  to  a  communication,  public  key  techniques  are  appropriate  for  supporting  security 
between  previously  unknown  parties  such  as  ad  hoc  network.  Authentication  is  achieved 
by  proving  possession  of  the  private  key  (Dankers,  2002).  A  digital  signature  is  one 
mechanism  used  for  doing  this.  The  digital  signature  is  generated  with  the  private  key 
and  verified  using  the  corresponding  public  key,  which  is  bound  to  the  entity  generating 
the  signature  (Dankers,  2002). 

Asymmetric  key  techniques  make  it  possible  to  establish  secret  keys  dynamically 
(Dankers,  2002).  In  simplified  procedure,  an  end-entity  calculates  a  secret  key  and  sends 
it  encrypted  with  the  public  key  of  the  entity  with  which  it  wants  to  communicate.  That 
entity  then  obtains  the  secret  key  by  decrypting  the  received  information  with  its  private 
key.  As  the  public  key  of  a  key  pair  is  usually  published  in  a  directory,  the  overhead 
associated  with  distributing  key  material  to  communicating  parities  is  reduced 
significantly  in  comparison  with  solutions  based  solely  on  symmetric  secret  key 
techniques.  For  a  group  of  n  entities  communicating  with  each  other,  only  n  key  pairs  are 
required  (Dankers,  2002).  However,  a  weakness  of  asymmetric  key  techniques  is  that 
they  are  computationally  very  intensive.  This  intensiveness  makes  them  less  suitable  for 
environment  where  devices  of  size  and  processing  power  are  limited,  such  as  wireless 
sensor  network.  Figure  4  demonstrate  the  process  of  asymmetric  key  cryptography. 
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Figure  4.  An  Asymmetric  Key  Cryptography  System 

In  asymmetric  cryptography,  the  public  and  private  keys  are  related  to  each  other, 
but  obtaining  the  private  key  from  its  public  counterpart  is  an  NP-complete  problem  and 
is  thus  infeasible  to  undertake.  To  illustrate  how  public-key  cryptography  works, 
consider  the  hypothetical  example  of  two  people  named  Alice  and  Bob  who  would  like  to 
communicate  with  each  other  in  private.  Assuming  Alice  already  has  Bob's  public  key, 
she  encrypts  her  message  to  Bob  with  his  public  key.  Bob  receives  the  message  and 
decrypts  it  using  his  private  key.  If  an  eavesdropper,  say  Eve,  were  to  capture  Alice's 
message  in  transit  and  re-send  it  to  conceal  her  presence,  she  will  be  unable  to  decrypt  it 
just  by  owning  a  copy  of  Bob’s  public  key.  She  can  certainly  try  to  obtain  the  private  key 
from  the  public  key  but  it  will  take  her  a  prohibitively  long  time  to  do  so.  RSA  and  DSA 
are  examples  of  public  key  cryptographic  algorithms. 

2.4.  Public  Key  Infrastructure  (PKI) 

Public  key  cryptography  is  one  of  most  effective  mechanisms  for  providing 
fundamental  security  services  including  authentication,  digital  signatures  and  encryption 
for  the  successful  implementation  of  asymmetric  key  cryptography  (Yi,  2002).  Public 
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Key  Infrastructure  (PKI)  provides  a  means  for  key  management  and  the  infrastructure 
necessary  for  managing  digital  certificates.  The  most  important  component  of  PKI  is  the 
CA  (Certificate  Authority),  the  trusted  entity  in  the  system  that  vouches  for  the  validity  of 
digital  certificate.  The  success  of  PKI  depends  on  the  availability  of  the  CA  to  the 
principals  in  the  system  (or  the  nodes  in  the  network)  since  a  principals  must  correspond 
with  the  CA  to  get  a  certificate,  check  the  status  of  another  principal’s  certificate  (in  some 
cases),  and  acquire  another  principal’s  digital  certificate.  PKI  is  widely  used  in  wired 
networks  and  some  infrastructure -based  wireless  networks  (Yi,  2002). 

Public  key  cryptography  is  uniquely  well-suited  to  certain  parts  of  a  secure  global 
network.  It  is  widely  accepted  that  public  key  security  systems  are  easier  to  administer, 
more  secure,  less  trustful,  and  have  better  geographical  reach,  than  symmetric  key 
security  systems.  However,  it  is  not  widely  appreciated  that  these  advantages  rely 
excessively  on  the  end-user’s  security  discipline.  With  public  key  cryptography,  clients 
must  constantly  be  careful  to  rigorously  validate  every  public  key  they  use,  and  they  must 
maintain  the  secrecy  of  their  long-lived  private  keys.  It  turns  out  that  these  tasks  are 
harder  than  they  seem  (Davis,  1996). 

The  ubiquitous  capability  of  verifying  the  binding  between  a  public  key  and  the 
owner  principal  plays  an  important  role  in  the  successful  application  of  pubic  key 
cryptography.  In  a  communications  system,  the  mainstream  solution  is  to  have  a  third- 
party  centrally  trusted  entity,  called  Certificate  Authority  (CA),  vouch  for  the  authenticity 
of  the  binding  by  signing  digital  certificates.  In  practice,  CAs  and  digital  certificates  are 
organized  and  maintained  by  the  standards  defined  by  the  Public  Key  Infrastructure.  In  a 
wireless  environment,  all  devices  are  opened  to  attack  to  the  same  extent  and  no  one  can 
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be  assumed  to  be  significantly  more  secure  than  the  others.  Moreover,  devices  can  roam, 
run  out  of  power,  leave  and  later  rejoin  a  network,  stop  functioning,  all  of  which  lead  to 
volatile  connectivity  among  nodes  and  CAs  (Gang,  2004). 

A  Public  Key  Infrastructure  (PKI)  consists  of  program,  data  fonnat  procedures, 
communication  protocols,  security  policies,  and  public  key  cryptographic  mechanisms 
working  in  a  comprehensive  manner  to  enable  a  wide  range  of  dispersed  people  to 
communicate  in  a  secure  and  predictable  fashion.  In  other  words,  a  PKI  establishes  a 
level  of  trust  within  an  environment.  Formally,  a  PKI  is  an  ISO  authentication 
framework  that  uses  public  key  cryptography  and  the  X.509  standard  protocols.  The 
framework  was  set  up  to  enable  authentication  to  happen  across  different  networks  and 
the  Internet.  Particular  protocols  and  algorithms  are  not  specified,  which  is  why  PKI  is 
called  a  framework  and  not  a  specific  technology  (Harris,  2003). 

Many  security  protocols  in  use  today  were  designed  under  the  assumption  that  some 
form  of  global  distributed  public-key  infrastructure  would  eventually  emerge  to  address 
key  management  problems.  These  protocols  go  back  to  the  early  1990s,  when  a  universal 
PKI  was  thought  to  be  available  in  the  short  term.  Unfortunately,  it  has  not  evolved  as 
quickly  as  thought.  Consequently,  existing  protocols  originally  designed  to  rely  on  a 
global  PKI  must  either  employ  ad  hoc  solutions  (Gutmann,  2004). 

2.4.1,  Certificate  Authority 

PKI  architectures  traditionally  fall  into  three  configurations:  A  single  CA,  a 
hierarchy  of  CAs,  or  a  mesh  of  CAs.  Each  configuration  is  characterized  by  the  number 
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of  CAs,  the  trust  relationships  between  the  CAs,  and  where  PKI  users  place  their  trust 
(Polk,  2003): 

Single  CA:  The  simplest  architecture  contains  a  single  CA  that  provides 
certificates  and  certificate  status  infonnation  for  every  user.  The  CA’s  public  key  is  the 
fundamental  point  of  trust,  or  trust  anchor,  for  evaluating  certificate  acceptability. 

Users  have  a  direct  relationship  with  the  CA,  so  they  know  which  applications  the 
certificates  should  be  used  for. 

CA  Hierarchy:  PKIs  constructed  with  superior-subordinate  CA  relationships  are 
called  hierarchical  PKIs.  The  foundation  of  such  an  architecture  is  the  “root”  CA  (the 
trust  anchor  for  all  users  of  the  PKI),  which  issues  certificates  to  subordinate  CAs  but 
not  to  users. 

CA  Mesh:  The  traditional  alternative  to  hierarchical  PKIs  is  to  create  a  mesh  PKI, 
or  web  of  trust,  to  connect  CAs  via  P2P  relationships.  Any  CA  in  a  mesh  PKI  can  be  a 
trust  anchor,  although  users  generally  consider  the  CA  that  issued  their  certificate  as 
their  trust  anchor. 

2.4.2.  Algorithm 

A  standard  analogy  (Mollin,  2003)  for  public-key  cryptography  is  given  as  follows. 
Suppose  that  Bob  has  a  wall  safe  with  a  secret  combination  lock  known  only  to  him,  and 
the  safe  is  left  open  and  made  available  to  passers-by.  Then  anyone,  including  Alice,  can 
put  messages  in  the  safe  and  lock  it.  However,  only  Bob  can  retrieve  the  message,  since 
even  Alice,  who  left  a  message  in  the  box,  has  no  way  of  retrieving  the  message. 
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The  key-exchange  protocol  devised  by  Diffie-Hellman  (Diffie,  1976)  did  not  provide 
a  complete  solution  to  the  notion  give  above  of  a  public-key  cryptosystem.  The  first  to 
publicly  do  this  were  Rivest,  Shamir,  and  Adleman  (RSA),  for  which  their  name  are 
attached  to  the  cryptosystem  which  we  now  describe. 

We  break  the  algorithm  into  two  parts  with  the  underlying  assumption  that  Alice 
wants  to  send  a  message  to  Bob.  The  first  part  is  RSA  key  generation. 


(1)  Bob  generates  toe  large,  random  prime  p  ^  q  of  roughly  the  same  size. 

(2)  He  computed  both  n  =  pq  and  (f>{n )  =  (p- 1  )(q  - 1) .  The  integer  n  is  called  hi 
s  (RSA)  modulus. 

(3)  He  select  a  random  e  e  N  such  that  1  <  e  <  and  gcd(e,  <j)(n ))  =  1 .  The  int 
eger  e  is  called  his  (RSA)  enciphering  exponent. 

(4)  Using  the  extended  Euclidean  algorithm,  he  computes  the  unique  d  e  N  with 
1  <  d  <  <f>(n)  such  that  ed  =  1  (mod  ^(n)) 

(5)  Bob  publishes  (n,  e)  in  some  public  database  and  keeps  d,  p,  q,  and  priva 
te.  Thus,  Bob’s  (RSA)  public-key  is  (n,  e)  and  his  (RSA)  private  key  is  d.  the  i 
nteger  d  is  called  his  (RSA)  deciphering  exponent. 

Table  1.  First  Part  of  RSA  Algorithm  (Mollin,  2003) 


The  second  part  is  RSA  public -key  cipher.  This  part  again  is  dived  into  two  subparts; 
enciphering  stage  and  deciphering  stage.  In  enciphering  stage,  in  order  to  simplify  this 
stage,  we  assume  that  the  plaintext  message  m  e  M  is  in  numerical  form  with  m  <  n  . 
Also,  M  =  C  =  Z  /  nZ  ,  and  we  assume  that  gcd(n?,  n)  =  1 . 


24 


(1)  Alice  obtains  Bob’s  public-key  (n,  e)  form  the  database. 

(2)  She  enciphers  m  by  computing  c  =  me  (mod/?)  using  the  repeated  squaring  m 
ethod. 

(3)  She  sends  c  e  C  to  Bob. 

Table  2.  Second  Part  of  RSA  Algorithm  (Mollin,  2003) 

In  deciphering  stage,  once  Bob  receives  c,  he  used  d  to  compute  m  =  cd  (mod/?) . 
Moreover,  the  decryption  is  unique  in  that  we  always  recover  the  intended  plaintext. 

2.5.  Key  Management 

Cryptography  can  be  used  as  a  security  mechanism  to  provide  confidentiality, 
integrity,  and  authentication  as  long  as  the  keys  are  not  compromised  in  any  way.  If  the 
keys  can  be  captured,  modified,  corrupted,  or  disclosed  to  unauthorized  individuals,  then 
the  whole  cryptosystem  can  become  compromised.  Cryptography  is  based  on  a  trust 
model.  Individuals  trust  each  other  to  protect  their  own  keys,  they  trust  the  administrator 
who  is  maintaining  the  keys,  and  they  in  turn  trust  a  server  that  holds,  maintains,  and 
distributes  the  keys. 

Key  management  is  a  basic  part  of  any  secure  communication.  Most 
cryptosystems  rely  on  some  underlying  secure,  robust,  and  efficient  key  management 
system.  Key  management  deals  with  key  generation,  storage,  distribution,  updating, 
revocation,  and  certificate  service,  in  accordance  with  security  policies.  If  the  key  is 
exposed,  the  encrypted  information  would  not  be  protected  from  malicious  attacker.  The 
secrecy  of  the  symmetric  key  and  private  key  must  be  guaranteed  assuredly.  Key 
distribution  and  key  agreement  through  an  insecure  channel  is  at  high  risk  and  suffers 


25 


from  possible  attacks.  In  the  traditional  digital  envelop  approach,  one  side  produce  a 
session  key  and  encrypts  it  using  the  public-key  algorithm.  After  such  a  generation  and 
encryption,  the  other  side  receives  and  recovers  it.  In  the  Diffie-Hellman  (DH)  scheme, 
communication  parties  of  both  sides  share  some  public  information  and  generate  a 
session  key  on  both  sides.  A  number  of  complicated  key  exchange  or  distribution 
protocols  and  frameworks  have  been  designed  and  built.  However,  mobile  ad  hoc 
networks  have  strongly  restricted  computation  load  and  complexity  of  key  agreement 
protocol  because  of  node’s  lack  of  available  resource,  dynamic  network  topology,  or 
network  synchronization  difficulty.  Key  integrity  and  ownership  should  be  protected 
from  strong  key  attacks.  Digital  signature,  message  digest  and  hashed  message 
authentication  code  (HMAC)  are  techniques  used  for  the  data  authentication  or  integrity 
purpose.  In  the  same  way,  public  key  is  protected  by  public-key  certificate  in  which  a 
trusted  entity  called  certification  authority  (CA)  in  PKI  vouches  the  binding  of  the  public 
key  with  owner’s  identity.  In  systems  where  there  is  no  trusted  third  party  (TTP),  public- 
key  certificate  is  vouched  by  peer  nodes  in  a  distributed  manner,  such  as  pretty  good 
privacy  (PGP).  Obviously,  the  purpose  of  key  authentication  is  that  certificate  can  prove 
the  ownership  of  key  rather  than  decide  whether  it  is  good  or  not.  After  certain  valid 
period  of  usage,  the  key  could  be  compromised  or  disposed.  Since  key  should  not  use 
again  after  its  disclosure,  some  mechanism  is  required  to  revoke  the  compromised  key  in 
not  expired  period.  Certificate  contains  the  lifetime  of  validity.  If  the  key  is  expired,  it  is 
not  useful.  However,  the  private  key  maybe  is  able  to  be  disclosed  during  the  valid  period. 
In  this  case,  certificate  authority  (CA)  needs  to  revoke  this  certificate  explicitly  and  notify 
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the  network  by  using  the  certificate  revocation  list  (CRL)  to  prevent  its  invalid  usage 
(Bing,  2005). 

Key  maintenance  is  a  very  important  factor  in  securing  a  communications 
network.  There  is  more  to  key  maintenance  than  simply  using  them  to  encrypt  and 
decrypt  messages.  The  keys  have  to  be  distributed  securely  to  the  right  entities  and 
updated  continuously.  The  keys  need  to  be  protected  as  they  are  being  transmitted  and 
while  they  are  being  stored  on  each  workstation  and  server.  The  keys  need  to  generated, 
destroyed,  and  recovered  properly  on  demand  by  authorized  individuals.  The  keys  must 
be  stored  securely  before  and  after  distribution.  When  a  key  is  distributed  to  a  user,  it  is 
not  going  to  be  located  in  any  location;  it  needs  a  secure  place  to  be  stored  and  used  only 
in  a  controlled  manner.  The  keys,  the  algorithm  that  will  use  the  key,  configurations,  and 
parameters  are  stored  in  a  module  that  also  needs  to  be  protected.  If  an  attacker  were  able 
to  obtain  these  components,  she  could  masquerade  as  another  user  and  decrypt,  read,  and 
re-encrypt  messages  that  were  not  intended  for  her  (Harris,  2003) 

A  Key  Management  System  (KMS)  creates,  distributes,  and  manages  these 
certificates.  Thus,  the  KMS  is  at  the  heart  of  the  network’s  defenses.  A  KMS  provides 
high  service  availability  in  highly  partitioned  networks,  requires  minimal  pre¬ 
configuration  during  the  network  deployment  phase,  and  can  accommodate  new  nodes 
joining  the  network  (Hadjichristofi,  2005). 

Cryptographic  keys  have  to  be  randomly  generated.  The  secret  keying  material  that 
must  either  be  physically  secured  or  enciphered  allows  protecting  itself  from  disclosure, 
and  the  authentication  of  keying  material  prevents  from  illegal  modification. 
Authentication  may  be  implemented  with  the  use  of  parameters  like  counters  or 
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timestamps  to  also  protect  from  replay  of  old  keys,  insertion  of  false  keys,  and 
substitution  or  deletion  of  keys.  All  keying  material  is  related  to  one  or  more 
subjects/objects  of  a  system.  Additionally  it  intended  to  be  used  for  some  particular 
purpose.  A  major  threat  for  systems  is  generated  when  proper  identification  of  all 
subjects  accessing  the  system  is  provided.  Thus,  a  key  management  system  is  feasible  if  it 
guarantees  the  relation  between  an  entity  and  its  uniquely  defined  keys  (Fumy,  1993). 

If  the  key  management  has  weakness,  the  security  system  using  this  cryptography  is 
ineffective.  Key  management  is  the  most  important  element  of  secure  communication 
network.  The  secrecy  of  the  cryptographic  key  is  essential  when  designing  and 
implementing  any  kind  of  security  mechanism  in  order  to  set  up  a  trust  relationship 
between  two  or  more  communicating  parties.  Managing  these  cryptographic  keys  play  a 
critical  role  in  establishing  reliable  and  robust  security  communication.  Key  management 
can  be  defined  as  generating,  storing,  distributing,  deleting  or  archiving  keys  in  reference 
to  a  security  policy  (Budakoglu,  2004). 

Key  management  activities  include  the  generation,  distribution  or  agreement, 
storage,  utilization,  archiving,  deletion,  and  destruction  of  cryptographic  key  material  to 
support  cryptographically  based  security  mechanisms  employed  by  security  protocols. 
Because  OSI  is  concerned  solely  with  the  communications  aspects  of  end-system  and 
intennediate  systems,  a  key  management  protocol  is  limited  to  the  communications 
aspects  of  key  management.  An  implementation  of  an  OSI  key  management  protocol  and 
its  supporting  security  mechanisms  must  ensure  that  key  material  is  not  disclosed  or 
modified  during  exchanges,  and  that  the  key  material  is  protected  from  insertion, 
substitution,  and  deletion  (Jansen,  1993). 
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The  level  of  security  provided  by  an  encryption-based  scheme  for  secure 
communication  across  a  data  network  is  highly  dependent  on  the  security  of  the  keys 
used  for  the  encryption  and  decryption  of  data.  The  feasibility  of  such  an  updating, 
particularly  when  end-to-end  encryption  is  contemplated,  depends  on  the  existence  of  a 
key  management  mechanism  that  facilitates,  at  the  initiation  of  each  new  session,  the 
generation  of  a  session  key  and  its  distribution  to  the  two  end  communicants. 
Furthermore,  it  is  desirable  that  this  transfer  be  made  on  the  existing  communication 
channels,  which  in  turn  demands  the  highest  level  of  security  during  such  a  transfer. 
Consequently,  key  management  is  more  important  to  the  working  security  of  a  network 
than  the  mathematical  structure  of  the  encryption  algorithm  itself,  since  an  inefficient  key 
transfer  between  the  end  communicants  can  make  the  entire  scheme  worthless  regardless 
of  how  complex  the  encryption  itself  is  (Lu,  1989). 

2.5.1.  Key  Exchange 

Key  exchange  is  the  most  primitive  fonn  of  key  management.  People  wishing  to 
communicate  over  an  insecure  channel  must  exchange  a  cryptographic  key.  The  use  of 
physical  key  exchange  was  the  earliest  form  of  key  management,  if  it  can  be  described  as 
key  management  at  all.  Usually,  key  exchange  is  the  most  inconvenient  method  of 
creating  a  secure  association  between  two  communicating  entities.  However,  in  some  ad 
hoc  networking  scenarios  it  is  NOT  inconvenient  but  actually  a  requirement.  Thus,  for 
small  personal  area  networks  or  similar  scenarios,  physical  key  exchange  must  be  both 
logical  and  convenient  (Lehane,  2003). 
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2.5.2.  Key  Agreement  and  Group  Keying 

Group  keying  allows  multiparty  secure  communications,  and  hence  provides  group 
level  authentication  and  security.  However,  providing  keying  information  for  individual 
members  of  the  group  (i.e.  to  allow  people  to  communicate  privately  in  the  presence  of 
other  group  members)  requires  other  predetennined  key  agreements.  Indeed  networks 
may  form  where  group  affiliation  doesn’t  exist,  particularly  in  a  large-scale  civilian 
network.  As  such,  a  group  key  agreement  is  of  limited  utility  in  a  non-group  oriented 
network,  such  as  a  civilian  network  in  which  many  nodes  choose  to  communicate  but 
some  require  end-to-end  privacy.  A  public  key  infrastructure  is  better  suited  to  this 
scenario  (Lehane,  2003). 

2.5.3.  A  Summary  of  Key  Management 

A  summary  of  key  management  is  provided  below  (Bing,  2005): 

1 .  The  secrecy  of  key  itself  must  be  assured  in  the  local  host  system. 

2.  Secured  network  communications  involved  in  the  key  distribution  procedure 
between  communication  parties  must  be  insured  when  the  key  may  be  transmitted 
through  insecure  channels  to  maintain  key  confidentiality  and  integrity. 

3.  A  framework  of  trust  relationships  needs  to  be  built  for  authentication  of  key 
ownership.  While  some  frameworks  are  based  on  a  centralized  Trusted  Third 
Party  (TTP),  other  could  be  fully  distributed.  For  example,  a  Certificate  Authority 
is  the  TTP  in  PKI,  Key  Distribution  Center  (KDC)  in  the  symmetric  system, 
meanwhile  in  PGP,  no  such  a  trusted  entity  is  assumed. 

4.  The  key  can  become  expired  or  have  been  revoked  within  its  valid  period. 
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III.  Methodology 


3.1.  Overview 

This  chapter  discusses  the  methodologies  used  to  conduct  this  research.  In  order 
to  answer  the  primary  research  question,  both  a  content  analysis  and  a  case  study 
methodology  are  employed.  In  some  cases,  a  qualitative  approach  may  be  used.  Finally, 
a  comparison  analysis  is  provided  in  last  stage  in  order  to  offering  better  understanding  of 
results.  Specifically,  this  chapter  will  describe  the  research  design,  explain  why  the 
methodology  approach  is  appropriate  for  this  effort,  and  describe  how  these  data  will  be 
analyzed  to  answer  the  research  question  presented. 

3.2.  Selecting  Methodology 

Leedy  (2001)  provides  a  methodology  to  select  between  the  Qualitative  and 
Quantitative  research  approaches.  Leedy  (2001)  also  enumerates  five  basic  research 
characteristics:  purpose,  process,  data  collection,  data  analysis,  and  reporting  findings. 
These  characteristics  help  the  researcher  to  make  a  decision  so  that  best  approach  applies 
to  their  particular  area  of  study.  In  Table  3  (Leedy,  2001),  there  are  live  general  questions 
used  to  detennine  if  the  research  is  quantitative  or  qualitative. 
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Question: 

Quantitative 

Qualitative: 

What  is  the  purpose  of  the 
research? 

•  To  explain  and  predict 

•  To  confirm  and  validate 

•  To  test  theory 

•  To  describe  and  explain 

•  To  explore  and  interpret 

•  To  build  theory 

•  Focused 

•  Holistic 

•  Known  variables 

•  Unknown  variables 

What  is  the  nature  of  the 
research  process? 

•  Established  guidelines 

•  Static  design 

•  Context-free 

•  Flexible  guidelines 

•  Emergent  design 

•  Context-bound 

•  Detached  View 

•  Personal  view 

What  are  the  methods  of 
data  collection? 

•  Representative,  large 
sample 

•  Standardized  instruments 

•  Informative,  small  sample 

•  Observations,  interviews 

What  is  the  form  of 

•  Deductive  analysis 

•  Inductive  analysis 

reasoning  used  in  analysis? 

•  Numbers 

•  Words 

How  are  findings 
communicated? 

•  Statistics,  aggregated  data 

•  Formal  voice,  scientific 
style 

•  Narratives,  individual 
quotes 

•  Personal  voice,  literary 
style 

Table  3.  Selection  of  Methodological  Approach  (Leedy,  2001) 


1)  Purpose:  Quantitative  researchers  seek  to  explain  and  predicate  relationships  and  to 
develop  generalizations.  Qualitative  researchers  seek  a  better  understanding  and  may  use 
their  observations  to  build  theory  (Leedy,  2001). 

2)  Process:  Leedy  (2001)  also  discusses  the  research  process.  The  quantitative  research 
processes  provides  carefully  structured  guidelines.  The  qualitative  research  process  is 
more  holistic  and  emergent  in  design,  measurement  instruments,  and  interpretations 
(Leedy,  2001). 

3)  Data  Collection:  Leedy  (2001)  states  that  during  quantitative  data  collection, 
researchers  identify  variables  and  accumulate  data  specifically  related  to  those  variables 
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from  a  population.  In  qualitative  data  collection,  the  researchers  operate  under  the 
assumption  that  reality  is  not  easily  divided  into  discrete,  measurable  variables. 

4)  Data  Analysis:  For  data  analysis,  all  research  requires  logical  reasoning.  Quantitative 
researchers  tend  to  depend  on  deductive  reasoning  while  qualitative  researchers  make 
considerable  use  of  inductive  reasoning.  (Leedy,  2001). 

5)  Report  Findings:  In  order  to  report  findings,  quantitative  researchers  typically  reduce 
their  data  numbers  and  employ  the  power  of  interpretation.  Qualitative  researchers 
construct  interpretive  narratives  from  their  data  and  try  to  capture  the  complexity  of  the 
phenomenon  under  study  (Leedy,  2001). 

By  using  these  questions  to  detennine  the  proper  research  approach,  the 
qualitative  methodology  appears  to  me  the  most  desirable  methodology  for  this  research. 
Leedy  (2001)  explains  that  research  studies  are  enhanced  by  combining  both  qualitative 
and  quantitative  research  approaches.  Even  if  quantitative  approach  is  not  designed,  this 
study  may  use  some  quantitative  data  that  may  enhance  the  qualitative  data  analysis. 

On  the  other  hand,  Yin  (2003)  states,  there  are  several  ways  for  social  science 
research.  These  consist  of:  experiments,  surveys,  histories,  analysis  of  archival 
information,  and  case  study.  When  choosing  a  research  method,  each  strategy  has 
advantages  and  disadvantages,  depending  on  three  conditions:  (a)  the  type  of  research 
question,  (b)  the  extent  of  control  an  investigator  has  over  actual  behavioral  events  and 
(c)  the  degree  of  focus  on  contemporary  as  opposed  to  historical  phenomena  (Yin,  2003). 
Table  4  shows  these  three  conditions  and  explains  how  to  be  related  to  the  five  major 
research  strategies. 
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Strategy 

Form  of  Research 
Question 

Requires  Control  of 
Behavioral  Event? 

Focuses  on 
Contemporary 
Events 

Experiment 

How,  Why? 

Yes 

Yes 

Survey 

Who,  What,  Where, 
How  many,  How 
much? 

No 

Yes 

Archival  analysis 

Who,  What,  Where, 
How  many,  How 
much? 

No 

Yes  /  No 

History 

How,  Why? 

No 

No 

Case  Study 

How,  Why? 

No 

Yes 

Table  4.  Strategy  for  Research  Design  (Yin,  2003) 


3.3.  Qualitative  Research 

The  qualitative  study  is  an  inquiry  process  of  understanding  a  social  or  human 
problem  conducted  in  a  natural  setting.  The  three  factors  determine  the  appropriate 
research  approach:  research  problem,  personal  experiences  of  the  researcher,  and  the 
audience.  The  qualitative  approach  is  appropriate  to  investigate  exploratory  research 
problems  by  researchers  with  experience  in  literary  writing  and  intending  to  present  their 
results  to  practitioners  (Creswell,  2003). 

In  addition,  other  researchers  provide  guidelines  for  selecting  the  qualitative 
approach.  According  to  Leedy  (2001),  a  case  study  is  a  type  of  qualitative  research  in 
which  information  is  collected  about  a  single  or  multiple  cases  to  learn  more  about  an 
unknown  or  poorly  understood  state  of  affairs  (Leedy,  2001).  Yin  state  that  case  studies 
investigate  contemporary  problems  within  real-life  context  to  account  for  pertinent 
influences  on  the  research  topic  (Yin,  2003). 
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Leedy  (2001)  explains  that  the  relationship  between  data  and  methodology  is 
inextricably  interdependent.  For  this  reason,  choosing  the  appropriate  methodology  must 
always  consider  the  data  that  will  be  collected  in  the  resolution  of  the  problem.  To 
accurately  state,  the  research  questions,  a  flexible  approach  was  needed  to  explore  the 
unknown.  Patton  (2002)  explains  that  qualitative  inquiries  come  from  exploration, 
discovery,  and  inductive  logic.  An  inductive  approach  is  used  in  this  research  to  find  out 
what  the  important  questions  and  variables  are  (Patton,  2002).  Then,  a  qualitative 
approach  is  suitable  to  answer  the  research  and  investigative  questions  of  this 
exploration. 

Quantitative  research  is  used  when  exploring  the  relationships  between  measured 
variables  in  order  to  explain,  predict,  or  control  phenomena  (Leedy,  2001).  Moreover, 
quantitative  research  tries  to  either  prove  or  disprove  hypotheses  that  are  under  study. 
Conversely,  qualitative  research  attempts  to  answer  questions  relating  to  the  complexity 
of  a  phenomenon  using  the  participant’s  point  of  view  as  the  basis  for  explaining  or 
understanding  the  events  (Leedy,  2001).  Lastly,  qualitative  research  may  end  with 
hypotheses  generated  or  temporary  answers  relating  to  the  phenomena  under  study.  The 
qualitative  research  methodology  is  used  in  a  lot  of  disciplines  in  an  attempt  to  detennine 
and  explain  what  has  happened  or  is  happening  (Leedy,  2001). 

A  qualitative  approach  is  appropriate  when  developing  new  insight  about  a 
phenomenon  (Leedy,  2001).  In  the  case  of  this  research,  the  phenomenon  is  the 
environment  of  secure  network  such  as  mobile  ad  hoc  network  and  the  insights  are  the 
security  issues  on  such  a  secure  network.  Because  the  data  for  this  research  is  obtained 
from  written  text,  Denzin  categorize  it  as  a  test  as  proxy  for  experience  using  free  flowing 
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text  (Denzin,  2000).  They  list  six  methodologies  that  could  be  used  for  this  type  of  data, 
but  suggest  content  analysis  as  the  most  appropriate  research  method  for  this  type  of  data 
(Denzin,  2000).  Leedy  (2001)  agrees  with  this  description  of  content  analysis  as  a 
detailed  and  systematic  examination  of  the  contents  of  a  particular  body  of  material  for 
the  purpose  of  identifying  patterns  (Leedy,  2001).  By  analyzing  text,  the  researcher  finds 
codes  or  the  intent  of  what  is  written  (Leedy,  2001).  Neuendorf  (2002)  also  concurs  by 
stating  that  a  content  analysis  is  a  systematic,  objective,  quantitative,  analysis  of  message 
characteristics.  Each  of  these  definitions  shows  that  content  analysis  is  an  appropriate 
methodology  in  order  to  satisfy  the  purpose  of  this  research.  Thus,  content  analysis  was 
chosen  as  the  best  methodology  to  answer  the  questions  posed  in  this  study. 

3.4.  Case  Study 

The  case  study  is  especially  suitable  for  learning  more  about  a  poorly  understood 
situation  (Leedy,  2001).  The  case  study  strategy  is  used  when  the  research  satisfies  the 
following  three  conditions:  the  research  questions  must  be  in  the  fonn  of  how  or  why,  the 
researcher  must  not  have  any  control  over  events,  and  the  study  must  focus  on  a 
contemporary  event  or  problem  (Yin,  2003). 

Yin  (2003)  defines  the  appropriateness  of  case  study  as  a  research  method  by 
providing  the  following  technical  definition:  A  case  study  is  an  empirical  inquiry  that 
investigates  a  contemporary  phenomenon  within  its  real-life  context,  especially  when  the 
boundaries  between  phenomenon  and  context  are  not  clearly  evident  (Yin,  2003). 

Leedy  (2001)  also  supports  the  use  of  a  case  study  in  situations  when  its  unique  or 
exceptional  qualities  can  promote  understanding  or  inform  practice  for  similar  situations, 
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and  a  case  study  may  be  especially  suitable  for  learning  more  about  a  little  known  or 
poorly  understood  situation  (Leedy,  2001). 

A  number  of  definitions  for  the  case  study  methodology  have  existed  over  the 
years.  In  case  studies,  the  researcher  explores  in  depth  a  program,  an  event,  an  activity,  a 
process,  or  one  or  more  individuals.  The  case  (or  cases)  is  bounded  by  time  and  activity. 
Researchers  gather  detailed  information  using  a  variety  of  data  collection  procedures 
(Stake,  1995). 

The  case  study  approach  to  qualitative  research  constitutes  a  specific  way  of 
collecting,  organizing,  and  analyzing  data  (Patton,  2002).  In  a  case  study,  a  particular 
individual,  program,  or  event  is  studied  in-depth  for  a  defined  period  of  time  (Leedy, 
2001).  The  researcher  will  investigate  a  topic  when  the  theory  base  is  unknown 
(Creswell,  2003).  The  researcher  tries  to  test  the  validity  of  certain  assumptions,  claims, 
theories,  or  generalizations  within  real-world  contexts  (Leedy,  2001). 

A  lot  of  the  definitions  of  case  study  exist  (Leedy,  2001;  Patton,  2002;  Stake, 
1995;  Yin,  2003).  Yin  (2003)  states  that  the  case  study  constructs  an  all-encompassing 
method  and  it  include  the  logic  of  design,  data  collection  techniques,  and  specific 
approaches  to  data  analysis.  Regardless  of  the  chosen  definition,  Benbasat  (1987)  explain 
that  the  case  study  is  suitable  to  capture  the  knowledge  of  practitioners  and  to  develop 
theories.  Benbasat  (1987)  listed  eleven  characteristics  of  case  studies.  Table  5  is  the 
eleven  characteristics.  These  characteristics  of  the  case  study  method  were  related  to  the 
purpose  of  this  research. 
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1 .  Phenomenon  is  examined  in  a  natural  setting. 

2.  Data  are  collected  by  multiple  means. 

3.  One  or  few  entities  (person,  group,  or  organization)  are  examined. 

4.  The  complexity  of  the  unit  is  studied  intensively. 

5.  Case  studies  are  more  suitable  for  the  exploration,  classification  and  hypothesis 
development  stages  of  the  knowledge  building  process;  the  investigator  should 
have  a  receptive  attitude  towards  exploration. 

6.  No  experimental  controls  or  manipulation  are  involved. 

7.  The  investigator  may  not  specify  the  set  of  independent  and  dependent  variables 
in  advance. 

8.  The  results  derived  depend  heavily  on  the  integrative  powers  of  the  investigator. 

9.  Changes  in  site  selection  and  data  collection  methods  could  take  place  as  the 
investigator  develops  new  hypotheses. 

10.  Case  research  is  useful  in  the  study  of  “why”  and  “how”  questions  because  these 
deal  with  operational  links  to  be  traced  over  time  rather  than  with  frequency  or 
incidence. 

11.  The  focus  is  on  contemporary  events. 

Table  5.  Key  Characteristics  of  Case  Studies  (Benbasat,  1987) 


A  case  study  is  an  ideal  methodology  when  a  holistic,  in-depth  investigation  is 
needed  (Feagin  1991).  The  case  study  is  preferred  in  examining  contemporary  events,  but 
only  when  the  relevant  behaviors  cannot  be  influenced  (Yin  2003).  Case  studies  are 
designed  to  bring  out  the  details  from  the  viewpoint  of  the  participants  by  using  multiple 
sources  of  data  (Tellis  1997). 
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3.5.  Comparison  Analysis 

In  final  stage  of  completing  this  study,  a  comparative  analysis  of  the  usability  of 
guidelines  created  from  the  qualitative  literature  review  will  be  performed.  Patton  (2002) 
states,  that  understanding  unique  cases  can  be  deepened  by  a  comparative  analysis. 
Comparisons  can  also  be  important  in  illuminating  differences  between  programs  in 
evaluation  (Patton,  2002).  In  this  study,  the  key  management  strategy  used  in  each  secure 
network  environment  will  be  compared  and  analyzed  to  determine  1)  which  is  better  then 
others,  2)  if  one  is  abstractly  secure,  and/or  3)  if  one  has  good  characteristics  in  particular 
environment  will  it  satisfy  the  requirements  of  the  others. 

3.6.  Content  Analysis 

3.6.1.  Definition  of  Content  Analysis 

Content  analysis  is  a  research  technique  for  making  replicable  and  valid 
inferences  from  texts  (or  other  meaningful  matter)  to  the  contexts  of  their  use.  As  a 
technique,  content  analysis  involves  specialized  procedures.  It  is  learnable  and 
divorceable  from  the  personal  authority  of  the  researcher.  As  a  research  technique, 
content  analysis  provides  new  insights,  increases  a  researcher’s  knowledge  of  particular 
phenomena,  or  informs  practical  actions  (Krippendorff,  2004). 

3.6.2.  Advantages  of  Content  Analysis 

Compared  with  other  data-generating  and  analysis  techniques,  content  analysis  has 
several  advantages  (Weber,  1990): 
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1 .  Communication  is  a  central  aspect  of  social  interaction.  Content  analytic 
procedures  operate  directly  on  text  or  transcripts  of  human  communication. 

2.  The  best  content  analysis  studies  use  both  qualitative  and  quantitative  operations 
on  texts.  Thus  content  analysis  methods  combine  what  are  usually  thought  to  be 
antithetical  modes  or  analysis. 

3.  Documents  of  various  kinds  exist  over  long  periods  of  time.  Culture  indicators 
generated  form  such  series  of  documents  constitute  reliable  data  that  may  span 
even  centuries. 

4.  In  more  recent  times,  when  reliable  data  of  other  kinds  exist,  culture  indicators 
can  be  used  to  assess  quantitatively  the  relationships  among  economic,  social, 
political,  and  cultural  change. 

5.  Compared  with  techniques  such  as  interviews,  content  analysis  usually  provides 
unobtrusive  measures  in  which  neither  the  sender  nor  the  receiver  of  the  message 
is  aware  that  it  is  being  analyzed.  Hence,  there  is  little  danger  that  the  act  of 
measurement  itself  will  act  as  a  force  for  change  that  confounds  the  data. 

3.6.3.  Issues  in  Content  Analysis 

A  central  idea  in  content  analysis  is  that  the  many  words  of  the  text  are  classified  into 
much  fewer  content  categories.  Each  category  may  consist  of  one,  several,  or  many 
words.  Words,  phrases,  or  other  units  of  text  classified  in  the  same  category  are  presumed 
to  have  similar  meanings.  Depending  on  the  purposes  of  the  investigator,  this  similarity 
may  be  based  on  the  precise  meaning  of  the  words,  or  may  be  based  on  words  sharing 
similar  connotations.  To  make  valid  inferences  from  the  text,  it  is  important  that  the 
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classification  procedure  be  reliable  in  the  sense  of  being  consistent.  Different  people 
should  code  the  same  text  in  the  same  way.  Also,  the  classification  procedure  must 
generate  variables  that  are  valid.  A  variable  is  valid  to  the  extent  that  it  measures  or 
represents  what  the  investigator  intends  it  to  measure  (Weber,  1990). 

3.6.4.  The  Nine  Step  Process  of  Content  Analysis 

In  the  content  analysis  methodology,  the  researcher  identifies  the  specific  material 
to  be  analyzed  and  how  to  precisely  code  that  material  (Leedy,  2001).  Then  the 
researcher  uses  quantitative  analysis  techniques  to  a  matrix  of  these  coded  entries  to 
construct  the  central  themes  across  the  data  (Denzin,  2000).  Neuendorf  (2002)  suggests 
the  nine  step  process.  Table  6  briefly  explains  these  steps. 
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Table  6.  A  Flowchart  for  Content  Analysis  Research  (Neuendorf,  2002) 
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3.7.  Research  Design 

3.7.1.  Theory  and  rationale 

This  step  explains  what  references  will  be  examined  and  why  they  are  selected. 
The  focus  of  the  content  analysis  is  to  include  all  of  the  articles  related  to  key 
management  in  secure  wireless  network.  The  reference  materials  will  be  collected  using 
various  sources.  Generally,  the  intentions  of  the  researcher  can  cause  certain  references  to 
be  included  or  excluded,  which  can  be  the  source  of  significant  bias.  In  order  to  reduce 
this  bias  in  the  reference  selection  process,  the  references  are  chosen  randomly  (Leedy, 
2001). 

3.7.2.  Conceptualizations 

This  step  describes  what  variables  will  be  used  in  the  research  and  how  they  will 
be  conceptualized  (Neuendorf,  2002).  In  order  to  answer  the  research  questions,  each  of 
the  secure  wireless  network  environments  including  the  Wireless  Network  (WNs), 
Wireless  Sensor  Network  (WSNs),  and  Mobile  Ad  Hoc  Networks  (MANETs)  are 
explained.  The  basic  concepts  of  cryptography  used  in  each  of  the  wireless  networks  are 
described  to  provide  insight  into  how  the  network  is  secured.  The  review  chapter 
provides  an  explanation  of  the  Public  Key  Infrastructure  which  is  the  most  effective 
mechanism  process  for  implementing  Key  Management. 

3.7.3.  Operationalizations 

In  this  step,  the  unit  of  measure  employed  in  this  research  is  defined.  This  unit  of 
measure  is  important  to  provide  the  code  schemes  (Neuendorf,  2002).  This  research  used 
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the  reference  article  as  the  unit  of  measure.  In  order  to  reduce  researcher  input  into 
selecting  process,  there  is  no  weight  and  no  bias  based  on  the  author  or  source.  However, 
since  the  primary  researcher  could  not  examine  all  of  the  related  references,  only  a  subset 
of  all  possible  references  was  used  in  this  research. 

3.7.4.  Coding  schemes 

The  coding  scheme  is  used  to  analyze  and  categorize  the  data.  Once  all  relevant 
references  are  identified,  the  references  will  be  coded  to  indicate  if  they  provide 
information  on  the  characteristics  of  wireless  networking  and/or  key  management  in  a 
secured  wireless  network.  The  words  used  in  searching  are  “key  management”, 
“security”,  and  “cryptography”.  In  order  to  decide  whether  this  is  related  to  our  key  issue, 
the  three  codes  are  employed,  as  follows: 

0  Not  mentioned  -  the  issue  is  not  mentioned  at  all  in  the  material 

1  Mentioned  -  the  issue  is  merely  mentioned  in  the  material 

2  Key  Idea  -  the  idea  is  fully  developed  and  is  the  focus  of  the  paper 

From  this  analysis,  the  list  of  important  related  issues  were  generated  and  stored. 
These  issues  were  used  by  the  research  coders  in  order  to  analyze  the  material.  The 
researcher  analyzed  and  assessed  the  existence  of  these  issues  contained  in  the  key  issue 
list  in  the  selected  literatures. 
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3.7.5.  Sampling 

Since  it  is  impossible  to  execute  a  complete  census  of  the  reference  population,  a 
random  selection  process  was  provided  to  collect  data  used  in  the  content  of  the  research 
(Neuendorf,  2002).  In  order  to  identify  Key  Management  issues  in  secured  wireless 
networks,  a  subsample  of  all  related  available  literatures  will  be  collected.  The  primary 
source  of  material  for  this  study  will  be  obtained  from  the  Association  for  Computing 
Machinery  (ACM;  http://www.acm.org/)  and  Institute  of  Electrical  and  Electronics 
Engineers  (IEEE;  http://www.ieee.org/portal/site).  In  addition,  the  online  research 
database  in  the  AFIT  Academy  Library  (http://www.afit.edu/library/)  will  be  used  to 
identify  other  significant  resources  to  be  used  in  this  research. 

For  each  reference,  the  title  and  abstract  of  the  material  are  examined.  If  this 
material  includes  the  concepts  related  to  the  research,  the  reference  is  read  in  its  entirety. 
If  the  material  is  relevant,  the  reference  is  classified  into  wireless  network  (WNs,  WSNs, 
and  MANETs),  key  management  (WNs,  WSNs,  and  MANETs). 

3.7.6.  Training  and  pilot  reliability 

This  section  explains  the  role  of  research  coders  in  performing  their  analysis.  In 
this  research,  the  research  coders  did  not  exist.  Ideally,  several  coders  are  required  in 
order  to  provide  the  reliability.  Due  to  the  limitations  of  obtain  volunteers  who  have 
enough  background  related  to  wireless  networks,  security,  and  cryptography  to  evaluate 
and  assess  the  data,  this  content  analysis  was  conducted  by  only  the  primary  researcher. 
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3.7.7.  Coding 

From  the  references  related  to  general  key  management,  the  problem  and  critical 
issues  of  Key  Management  are  examined  and  stored.  These  issues  are  recorded  using  the 
tool  such  as  Microsoft  Office  Excel  2003.  These  issues  were  numbered,  (e.g.  Factor- 1, 
Factor-2,  ...  /  Problem- 1,  Problem-2,  ...)  While  the  selected  are  examined,  if  the  ideas 
related  to  issues  is  found,  the  number  of  the  issues  are  counted  in  the  spreadsheet  of 
Microsoft  Office  Excel  2003.  The  counted  numbers  of  each  issue  are  analyzed  and 
interpreted  in  order  to  identify  the  main  problems  and  factors  of  Key  Management  in 
each  secure  wireless  network. 

3.7.8.  Final  reliability 

To  make  valid  inferences  from  the  text,  it  is  important  that  the  classification 
procedure  be  reliable  in  the  sense  of  being  consistent:  different  people  should  code  the 
same  text  in  the  same  way  (Weber,  1990).  Comparing  the  result  of  the  primary  researcher 
with  ones  of  several  coders  provide  the  measure  of  reliability  in  validating  the  results. 
Since  there  are  no  coders  to  validate  the  results  in  this  research,  it  is  not  possible  to  obtain 
the  measure  of  reliability.  However,  this  research  attempted  to  obtain  the  key  issues  from 
a  variety  of  references  in  order  to  examine  various  authors’  opinions  related  to  Key 
Management. 

3.7.9.  Tabulation  and  reporting 

In  the  final  step,  the  results  of  the  study  are  tabulated  and  reported  (Neuendorf, 
2002).  The  final  resulted  were  stored  and  arranged  in  the  spreadsheet  of  Microsoft  Office 
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Excel  2003.  These  results  were  transferred  into  pie  chart  in  order  for  displaying  them 
visually.  These  findings  will  be  interpreted  and  discussed  in  chapter  IV  and  chapter  V. 

3.8.  Research  Limitations 

The  results  of  this  study  are  subject  to  limitations  based  upon  constraints 
encountered  in  the  research  process.  First,  as  with  all  qualitative  research,  the  researcher 
plays  a  major  role  as  key  instruments  in  this  study  (Leedy,  2001).  As  a  result,  the  intent 
of  researcher  can  drastically  have  an  effect  on  the  research  results  in  a  lot  of  ways.  This 
bias  of  researcher  includes  some  issues  such  as  researcher  background,  previous 
knowledge,  personal  predispositions,  researcher  skill,  and  competency  (Leedy,  2001). 
Because  of  importance  of  researcher’s  role,  it  is  impossible  to  completely  remove  all  bias. 
In  order  to  reduce  this  effect,  all  researchers  should  have  an  indirect  position  when 
conducting  their  analysis.  Consequently,  reducing  researcher  bias  and  choice  is 
significant  factor  to  provide  good  results.  Unfortunately,  in  this  study  the  author  both 
formulated  the  research  questions  and  conducted  the  content  analysis  without  additional 
help  in  coding  references. 

Second,  there  is  no  way  to  perfectly  obtain  all  written  material  concerning  the  key 
management  in  a  secured  network  environment.  There  is  limited  and  restricted  factor  to 
explore  the  related  field  in  conducting  this  research.  This  issue  must  be  considered  when 
the  researcher  makes  conclusions  from  these  results  (Leedy,  2001).  Further,  there  is  very 
little  literature  available  about  MANETs  in  general  that  contains  substantial  information 
about  key  management. 
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Third,  some  of  the  references  that  discuss  securing  wireless  networks  are 
classified  and  unavailable  to  an  international  student.  This  may  result  in  some  newer 
developments  not  being  included  in  this  research. 

Finally,  an  inability  to  generalize  the  findings  and  results  is  another  limitation  of 
this  research.  This  research  targets  only  wireless  network  environment  and  does  not 
attempt  to  generalize  to  other  network  environment.  Thus,  the  guideline  provided  by  this 
research  may  not  be  suitable  for  combined  network  environment  and  new  wireless 
network  environment  which  is  not  defined  by  this  research. 
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IV.  An  Analysis  of  Key  Management 


4.1.  The  Secure  Network  Environment 

4.1.1.  Overview 

In  this  study,  we  focus  our  attention  on  secure  wireless  networks.  Specifically,  our 
scope  is  limited  to  wireless  networks  (WNs),  wireless  sensor  networks  (WSNs),  and 
mobile  ad  hoc  network  (MANETs).  In  order  to  present  the  characteristics  of  each  secure 
network  environment,  a  content  analysis  comprised  of  fifty-six  salient  documents  was 
conducted.  A  list  of  references  is  contained  in  Appendix  A. 

4.1.2.  Wireless  Networks  (WNs) 

Characteristics  (  Advantage) 

Wireless  networks  are  being  deployed  ubiquitously  at  a  remarkable  pace.  Low 
cost,  ease  of  operation,  platfonn  independence,  and  product  variety  make  them  appealing 
to  everybody  (Godber,  2002).  Wireless  Local  Area  Networks  (WLANs)  will  facilitate 
ubiquitous  communications  and  location  independent  computing  in  restricted  spatial 
domains.  The  main  attractions  of  wireless  network  include:  cost  effectiveness,  ease  of 
installation,  flexibility,  tether-less  access  to  the  information  infrastructure,  and  support 
for  ubiquitous  computing  through  station  mobility  (Park,  1998). 

Schmidt  (2003)  explains  the  characteristics  of  WLANs  as  requiring  zero 
configurations,  ubiquity,  and  the  ease  of  the  creation  of  mesh  networks.  Kamik  (2005) 
identified  and  demonstrated  the  financial  and  performance  benefits  of  WLANs: 
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-  Financial  benefits:  Intel  Corporation  conducted  an  analysis  concluding  that  wireless 
networks  offer  significant  savings  in  two  financial  areas  such  as  Total  Cost  of 
Ownership  (TCO)  and  Return  on  Investment  (ROI). 

-  Performance  benefits:  Wireless  networks  also  offer  performance  benefits  in  tenns  of 
increased  accuracy  and  productivity 

The  IEEE  has  specified  various  WLAN  standards,  some  of  which  are 
summarized  below  in  Table  7  (Schmidt,  2003): 


Standard 

Description 

Application 

802.11a 

•  5  GHz 

•  12  Channels 

•  22  Mbps 

•  Large-scale  corporate  environment 

•  Less  interference 

•  Higher  performance 

802.11b 

•  2.4  GHz 

•  3  Channels 

•  11  Mbps 

•  Hot  Spots  &  Residential  environment 

•  Lower  speed 

•  Low  cost  &  Variety  of  products 

802.1  lg 

•  2.4  GHz 

•  3  Channels 

•  54  Mbps 

•  Compatible  with  802. lib 

•  Higher  speed 

Table  7.  Wireless  Local  Area  Network  Standard  (Schmidt,  2003) 
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Weakness 


Wireless  networks  provide  convenience  and  low-cost  deployment.  However, 
they  lack  any  inherent  means  of  strong  security  (Allen,  2002).  The  standards  committee 
for  wireless  network  left  many  difficult  security  issues  such  as  key  management  and  a 
robust  authentication  mechanism  as  open  problems.  The  fact  that  wireless  networks 
provide  a  network  access  point  for  an  adversary  creates  critical  security  problem.  The 
end-to-end  problem  (easy  access)  affects  wired  as  well  as  wireless  security.  However,  it 
is  much  greater  threat  in  wireless  network  because  the  attacker  has  easy  access  to  the 
transport  medium  (Arbaugh,  2003). 

A  wireless  network  can  be  as  secure  as  a  wired  network  if  security  guidelines  are 
implemented  and  enforced  strictly.  One  of  the  major  problems  to  provide  secure  network 
environment  in  wireless  network  is  that  wireless  media  are  inherently  less  secure 
(Bharghavan,  1994).  Security  over  a  wireless  environment  is  more  complicated  than  in  a 
wired  environment.  Due  to  the  wide  open  nature  of  wireless  radio,  many  attacks  could 
make  the  network  insecure  (Chen,  2005). 

Due  to  the  nature  of  a  wireless  network,  wireless  communication  is  unprotected 
and  can  easily  be  eavesdropped  on  or  even  spoofed  (Eisinger,  2005).  Since  in  wireless 
LANs  the  bandwidth  and  the  computing  resources  are  limited,  complex  cryptographic 
protocols  such  as  those  requiring  extensive  computations  and  transmissions  can  not  be 
considered  (Park,  1998). 

The  Wired  Equivalent  Privacy  (WEP)  protocol  was  designed  to  provide 
confidentiality  for  network  traffic  using  the  wireless  protocol.  However,  when  WLANs 
was  released,  WEP  was  mistaken  as  an  encryption  solution.  WEP  was  only  designed  to 
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provide  wired-equivalent  privacy  on  a  wireless  network.  A  wireless  solution  that  uses 
WEP  works  in  conjunction  with  another  security  system  to  provide  the  authentication  and 
accounting  necessary.  Even  in  those  situations,  WEP  does  not  perforin  the  encryption 
necessary  to  consider  a  wireless  network  secure.  Open  source  and  freeware  programs  are 
easily  available  that  crack  and  decode  WEP  sessions.  Universities  provide  ideal 
incubators  for  such  network  subversion  (Allen,  2002). 

4,1.3.  Wireless  Sensor  Networks  (WSNs) 

Characteristics  (  Advantage) 

A  sensor  is  a  miniature  device  capable  of  detecting  environmental  conditions 
such  as  temperature,  sound,  humidity,  seismic  tremors,  or  the  presence  of  certain  objects. 
Sensors  incorporate  sensing,  low-power  data  processing,  and  low-power  wireless 
communication  capabilities  (Olariu,  2005).  Wireless  Sensor  networks  is  an  emerging 
paradigm  of  computing  and  networking  where  a  node  may  be  self-powered,  and  have 
sensing,  computing,  and  communication  capabilities  (Bai,  2004). 

The  main  driving  forces  for  wireless  sensor  networks  are  fault  tolerance,  energy 
gain  and  spatial  capacity  gain.  A  wireless  sensor  network  provides  a  suitable  interface  for 
interaction,  physical  control,  infonnation  harvesting  and  exchange  (Bilstrup,  2003).  In 
sensor  networks,  it  has  many  advantages  to  replace  cables  with  wireless  logical  links.  Its 
key  features  are  robustness,  low  complexity,  low  power  and  low  cost.  A  restriction  of  a 
position  to  set  up  sensor  nodes  disappears  and  it  has  more  advantages  to  maintain,  mend 
and  recover  than  the  existing  wired  network  (Choi,  2004). 
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Being  characterized  by  their  low-power,  small  size,  and  cheap  price,  sensor 
nodes  are  capable  of  wireless  communication,  sensing  and  computations  (Dai,  2005). 
Wireless  sensor  nodes  have  emerged  as  a  result  of  recent  advances  in  low-power  digital 
and  analog  circuitry,  low-power  RF  design  and  sensor  technology  (Rajaravivarma,  2003). 
Wireless  sensor  network  have  enabled  the  development  of  low-cost,  low-power, 
multifunctional  sensor  nodes  that  are  small  in  size  and  communicated  in  short  distances. 
Sensor  networks  are  highly  vulnerable  to  security  attacks  (Tie,  2005). 

Weakness 

Remote  wireless  sensor  networks  are  vulnerable  to  malicious  attacks.  While 
wired  and  infrastructure-based  wireless  networks  have  mature  intrusion  detection  systems 
and  sophisticated  firewalls  to  block  these  attacks,  wireless  sensor  networks  have  only 
primitive  defenses.  Wireless  networks  require  innovative  medium  access  techniques  to 
share  the  limited  broadcast  bandwidth  in  a  fair  and  efficient  manner  as  computing  and 
communications  devices  continue  to  proliferate  (Brownfield,  2005). 

One  of  the  major  barriers  to  deploying  security  on  sensor  networks  is  that  current 
sensor  devices  have  limited  computation  and  communication  capabilities.  They  are 
vulnerable  to  attacks  which  are  more  difficult  to  launch  in  the  wired  domain.  Sensor 
networks  are  vulnerable  to  resource  consumption  attacks  (Karlof,  2004).  These  sensors 
are  inexpensive,  low-power  devices.  As  a  result,  they  have  limited  computational  and 
communication  resources  (Perrig,  2002). 

When  sensors  are  deployed  in  a  hostile  place  like  a  battlefield,  they  are  subject  to 
physical  attacks  by  an  adversary.  The  adversary  may  be  able  to  undetectably  take  control 
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of  a  sensor  and  compromise  the  cryptographic  keys.  The  amount  of  key-storage  in  each 
sensor  is  highly  limited;  it  is  not  capable  to  store  keys  with  every  other  sensor.  Typical 
sensor  network  platforms  have  very  low  bandwidth.  Transmission  reliability  is  often  low, 
making  the  transmission  of  large  blocks  of  data  particularly  expensive  (Chen,  2005). 

4,1.4.  Mobile  Ad  Hoc  Networks  (MANETs) 

Characteristics  (  Advantage) 

An  ad  hoc  WLAN  has  no  ability  to  communicate  with  external  networks  without 
using  additional  routing  protocols  (Housley,  2003).  Mobile  ad  hoc  networks  are 
infrastructure-free,  pervasive,  and  ubiquitous  without  any  centralized  authority 
(Alampalayam,  2005).  Ad  hoc  networks  characteristics  (dynamic  topology, 
infrastructureless,  variable  capacity  links,  etc.)  are  origin  of  many  issues  (Bouam,  2003). 
The  most  important  characterizing  feature  of  a  MANET  is  the  absence  of  any  node  in  a 
central  role  (Manikopoulos,  2003). 

Interest  in  ad  hoc  networks  largely  stems  from  the  ability  to  rapidly  deploy  them 
under  both  normal  and  harsh  conditions.  These  networks  can  be  quickly  deployed  in 
situations  where  no  infrastructure  exists  and  it  would  be  impractical  or  infeasible  to 
deploy  infrastructure.  In  such  an  infrastructure-less  network,  nodes  are  expected  to 
cooperate  to  perform  essential  networking  tasks  such  as  routing  (Aboudagga,  2005). 

Ad  hoc  networks  require  no  centralized  administration  or  fixed  network 
infrastructure  such  as  base  stations  or  access  points,  and  can  be  quickly  and  inexpensively 
set  up  as  needed  (Hu,  2002).  The  mobile  ad  hoc  networks  have  several  salient 
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characteristics:  Dynamic  topologies,  Bandwidth-constrained,  Variable  capacity  links, 
Energy  constrained  operation,  Limited  physical  security  (Yi,  2004). 

Weakness 

The  lack  of  a  clear  line  of  defense  and  traffic  concentration  points  poses  a 
challenge  to  deploying  security  solutions  in  ad  hoc  networks.  The  broadcast  nature  of  the 
transmission  medium  and  the  dynamically  changing  topology  add  even  more 
complications.  Furthermore,  the  reliance  on  node  collaboration  as  a  key  factor  of  network 
connectivity  presents  another  obstacle  (Aboudagga,  2005).  Ad  hoc  network  routing 
protocols  are  challenging  to  design,  and  secure  ones  are  even  more  so.  The  protocols  also 
have  high  communication  overhead  because  they  send  periodic  routing  messages  even 
when  the  network  is  not  changing  (Hu,  2002). 

MANETs  bring  great  challenges  in  security  due  to  its  high  dynamics,  link 
vulnerability,  and  complete  decentralization  (Jiang,  2004).  Major  challenge  is  that  of  the 
compromised  node(s);  this  could  be  an  overtaken  attacked  node  or  a  physically  captured 
node  (Manikopoulos,  2003).  Ad  hoc  networks  can  be  highly  dynamic  since  wireless 
nodes  are  free  to  move  about.  Furthermore,  wireless  nodes  have  limited  battery  life  and 
computational  power  to  face  these  challenges  (Suen,  2005).  The  problem  is  challenging 
due  to  the  lack  of  centralized  management/monitoring  component,  error-prone  multi-hop 
wireless  communication,  and  dynamics  in  the  network  topology  (Yang,  2002).  The  ad 
hoc  networks  are  susceptible  to  attacks  due  to  wireless  links,  energy  constraints,  and 
difficulty  to  self-con  ligure  because  of  the  mobility  (Xie,  2004).  Table  8  explains  various 
types  of  attacks  possible  on  a  MANET  (Aboudagga,  2005). 
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Method 

Type  of  attack 

Open  Issues 

Authentication 

Routing 

Selfish 

DoS 

GDH 

(Capkun,  2003) 

Yes 

No 

No 

No 

Mechanism  for  certificate 
issues 

MOCA 
(Yi,  2002) 

Yes 

Yes 

No 

No 

Does  not  use  the  support  of  PKI 

CORE 

(Michiardi,  2002) 

No 

No 

Yes 

No 

Considers  only  selfish  node 
attack 

Nuglets 

(Buttyan,  2003) 

Yes 

Yes 

Yes 

No 

Scheme  is  not  generalized 

CONFIDANT 
(Buchegger,  2002) 

No 

Yes 

Yes 

No 

Assumes  nodes  are 
authenticated 

Guardian  Angel 
(Avoine,  2002) 

Yes 

No 

Yes 

No 

Does  not  support  varied  attacks 

TIARA 

(Ramanujan,  2000) 

Yes 

Yes 

No 

Yes 

Not  a  generalized  scheme 

SEAD 
(Hu,  2002) 

Yes 

Yes 

No 

Yes 

Packet  forwarding 

Beacon 

(Binkley,  2001) 

Yes 

Yes 

No 

No 

Scalability  and  Key 
Management 

SOS 

(Yang,  2002) 

Yes 

Yes 

No 

Yes 

Scalability  issues 

SRP 

(Papdimitratos,  2002) 

Yes 

Yes 

No 

Yes 

Unfair  utilization  of  resources 

ARIADNE 
(Hu,  2002) 

Yes 

Yes 

No 

Yes 

Not  optimized 

SAR 

(Yi,  2002) 

Yes 

Yes 

No 

No 

Packet  mistreatment  attacks 

OSRP 

(Awerbuch  ,  2002) 

Yes 

Yes 

No 

No 

Fixed  but  not  adaptive  threshold 

WatchDog/  Pathrater 
(Marti,  2000) 

No 

Yes 

No 

No 

Assumes  no  a  priori 
relationship 

Table  8.  Summary  of  Different  1 

types  of  Attacks  on  a  MA' 

NET  (Aboudagga,  2005) 
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4.1.5.  Summary 


Table  9  shows  the  advantage  and  weakness  of  each  network  environment. 
Wireless  networks  (WNs)  have  infrastructure  which  support  stronger  security  than  other 
wireless  networks.  Wireless  sensor  networks  (WSNs)  have  sensor  nodes  with  limited 
resources,  which  provide  low  cost  and  easy  installation,  and  restricted  computation 
capabilities.  In  mobile  ad  hoc  networks  (MANETs),  there  is  no  infrastructure.  Although 
this  enables  MANETs  to  be  pervasive  and  ubiquitous,  it  creates  a  number  of  security 
problems.  These  characteristics  provide  useful  background  information  in  order  to 
construct  and  design  secure  wireless  networks. 


Advantage 

Weakness 

WN 

Ubiquitous  deployment,  low-cost, 

easy  operation,  dependent  platform 

(computing),  flexibility ,  financial 

and  perfonnance  benefits 

-  The  bandwidth  and  the  computing 

resources  are  limited. 

-  These  natures  of  wireless  network 

make  the  system  to  be  less  secure. 

WSN 

Robustness,  self-powered,  low- 

power,  low-cost,  easy  maintenance 

Vulnerability  to  malicious  attacks, 

requirement  of  innovative  medium 

,  limited  computational  and 

communication  resources 

MANET 

-  No  need  of  additional  routing 

protocol  and  dynamic  topology 

-  Infrastructure-free,  pervasive,  and 

ubiquitous  without  any  centralized 

authority 

-  The  lack  of  a  clear  line  of  defense 

and  traffic  concentration  points 

-  High  communication  overhead 

-  Great  challenges  in  security  due 

to  its  high  dynamics,  link 

vulnerability,  and  complete 

decentralization 

Table  9.  Advantage  and  Weakness  of  Secure  Networks 
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4.2.  Key  Management  Problems 

4.2.1.  Overview 

In  order  to  identify  key  management  in  existing  secure  network  deployments, 
twenty-eight  references  (see  Appendix  B)  related  to  key  management  were  identified  and 
examined.  In  this  section,  we  will  detail  the  problems  identified  in  Key  Management. 
Additionally,  I  identified  fifty-six  references  which  discuss  key  management  in  of  each 
secure  network  type  in  detail.  A  content  analysis  of  the  references  is  conducted  and 
discussed  to  identify  the  critical  factors  which  affect  the  success  of  Key  Management  in 
secure  wireless  network  implementations  from  related  56  documents  (See  Appendix  C). 

4.2.2.  Key  Management  Problems 

One  central  problem  of  key  management  is  key  distribution,  i.e.,  the  problem  of 
establishing  keying  material  whose  origin,  integrity,  and-in  the  case  of  secret  keys- 
confidentiality  can  be  guaranteed.  The  problem  with  the  concept  of  trust  is  that  there  is  no 
formal  understanding  of  it.  The  amount  of  trust  required  of  course  depends  to  some 
extent  on  the  type  of  key  management  server  (Fumy,  1993).  Key  management,  in  general, 
can  be  a  difficult  problem  because  of  issues  as:  Distribution  of  keys;  Distribution  of  lists 
containing  revoked  keys;  Tracking  which  keys  were  valid  during  what  period  of  time 
(Witzke,  1994). 

A  weak  tie  between  a  key  and  its  owner  invites  Man  In  The  Middle  (MITM) 
attacks,  which  may  succeed  if  the  system  can’t  distinguish  communications  with  an 
intended  recipient  from  those  with  the  intervening  attacker  (Gutmann,  2004). 
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When  the  number  of  services  one  has  to  access  increases,  key  management 
becomes  a  serious  problem  due  to  the  fact  that  each  membership-based  service  has  a 
different  secret  token  and  the  memory  space  on  each  card  is  very  limited  (Harn,  1993). 
Public  key  cryptography  generally  consumes  lots  of  resources  such  as  computation  and 
communication,  which  is  not  believed  suitable  for  pervasive  computing  due  to  the  limited 
capabilities  of  pervasive  devices  (He,  2005).  Furthennore,  some  of  the  key  management 
protocols  being  standardized  are  single  purpose,  intended  for  a  specific  OS  1  layer 
(Jansen,  1993). 

All  key-recovery  systems  require  the  existence  of  a  highly  sensitive  and  highly 
available  secret  key  or  collection  of  keys  that  must  be  maintained  in  a  secure  manner  over 
an  extended  time  period.  These  systems  must  make  decryption  information  quickly 
accessible  to  law-enforcement  agencies  without  notice  to  the  key  owners.  These  basic 
requirements  make  the  problem  of  general  key  recovery  difficult  and  expensive — and 
potentially  too  un-secure  and  too  costly  for  many  applications  and  many  users  (Neumann, 
1997).  The  key-management  problem  mainly  concerns  minimizing  the  cost  of  key  update 
communications  and  key  storage  requirements  (Tseng,  2003). 

Key  management  remains  the  primary  obstacle  to  the  wide-scale  use  of 
cryptography  (Reiter,  1996).  With  symmetric  systems,  the  movement  of  keys  from  place 
to  place  obviously  must  be  done  securely  and  with  a  level  of  protection  adequate  to 
counter  the  threats  of  concern  to  the  using  parties.  The  private  keys  are  usually  self¬ 
generated,  but  they  may  also  be  generated  from  a  central  source,  such  as  a  corporate 
security  office.  If  all  secure  communications  take  place  within  the  same  corporation  or 
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among  locations  under  a  common  line  of  authority,  key  management  is  an  internal  or 
possibly  a  joint  obligation  (Dam,  1996). 


4.2.3.  Result  and  Analysis 

The  problems  we  identified  in  key  management  identified  are  summarized  in 
Table  10  below. 


1 .  Key  distribution  and  the  concept  of  trust 

2.  Weak  relationship  between  keys 

3.  Different  secret  scheme 

4.  Limited  memory  storage  and  resource 

5.  Insufficient  standard  of  key  management 

6.  Difficult  and  expensive  key  recovery 

7.  Increasing  cost  of  key  management 

8.  Difficulty  to  apply  wide-used  cryptography 

Table  10.  The  Problems  of  Key  Management 


Throughout  a  majority  of  references,  the  authors  state  that  main  problem  is  the 
distribution  of  the  secret  key.  Most  cryptography  systems  use  the  concept  of  key  in  order 
to  support  security.  In  a  symmetric  key  system,  parties  to  communicate  with  each  other 
have  pre-shared  key.  In  addition,  the  public  key  is  known  to  everyone  in  order  to  join  the 
network  using  asymmetric  key  cryptography.  While  a  wired  network  is  supported  by 
strong  secure  infrastructure,  it  is  difficult  for  wireless  networks  to  be  as  strongly  secured. 
Thus,  it  is  required  to  provide  effective  key  distribution  in  deploying  security  wireless 
network. 
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Table  1 1  and  Figure  5  illustrate  how  many  references  focus  on  each  of  the 
identified  problems.  Fifty-six  references  related  to  the  key  management  problem  were 
identified.  Subsequently,  they  were  divided  into  three  categories:  WNs,  WSNs,  and 
MANETs.  Seven  references  were  related  to  WNs,  twenty-one  references  were  related  to 
WSNs,  and  twenty-eight  references  were  related  to  MANETs.  In  all  wired  network 
references,  the  key  distribution  problem  was  identified.  In  all  wireless  network 
references  key  distribution,  limited  resources,  insufficient  and  weak  relationship 
standardization  were  identified.  In  wireless  sensor  networks  (WSNs),  key  distribution, 
different  secret  scheme,  limited  resources,  and  key  recovery  were  identified.  MANETs 
references  primarily  deal  with  key  distribution  and  increasing  cost  or  key  management. 

In  Tablet  1,  WNs  have  a  greater  occurance  of  problems  1,  4,  and  5  than  any  other 
network.  This  means  that  key  distribution,  limited  resources,  and  insufficient  standard  are 
main  problems  in  WNs.  WSNs  have  a  greater  occurance  of  problems  1,  3,  and  6  than  any 
other  network.  This  means  that  key  distribution,  different  secret  scheme,  and  difficult  key 
recovery  are  main  problems  in  WSNs.  MANETs  have  a  greater  occurance  of  problem  1 
and  7  than  any  other  network.  This  means  that  key  distribution  and  increasing  cost  are 
main  problems  in  MANETs.  In  all  of  three  wireless  networks,  the  key  distribution  is  a 
main  problem  in  deploying  secure  network.  Figure  5  graphically  displayed  the  results 
using  pie  chart. 
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WN  (7) 

WSN  (21) 

MANET  (28) 

Problem  1 

7 

17 

23 

Problem  2 

5 

5 

12 

Problem  3 

2 

15 

10 

Problem  4 

6 

11 

4 

Problem  5 

6 

5 

6 

Problem  6 

1 

14 

11 

Problem  7 

1 

4 

20 

Problem  8 

3 

6 

9 

Table  1 

.  References  Identifying  Key  Management  Problems 

Wireless  Network 


Wireless  Sensor  Network 


Mobile  Ad  Hoc  Network 


Problem  8 
9% 


Problem  1 
24% 


Figure  5.  Percentage  of  Key  Management  References  by  Problem 


4.3.  Factors  Affecting  Key  Management 
4.3.1.  Overview 

In  order  to  provide  the  critical  factors  of  key  management,  twenty-eight  references 
related  to  key  management  were  used  (See  Appendix  B).  The  critical  factors  of  key 
management  problems  were  identified  and  will  be  explained  in  the  next  section. 
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Additionally,  we  present  the  major  factors  in  each  secure  wireless  network  from  related 
fifty-six  (See  Appendix  C). 

4.3.2.  Critical  Factors  of  Key  Management 

Key  management  schemes  are  usually  evaluated  by  the  number  of  total  keys  the 
system  must  maintain,  the  number  of  keys  each  user  receives,  the  size  of  public 
information,  the  time  required  to  derive  keys  for  access  classes,  and  work  needed  to 
perform  when  the  hierarchy  or  the  set  of  users  change  (Atallah,  2005).  The  efficiency  of  a 
centralized  key  management  scheme  is  primarily  measured  by  re-key  overhead  at  the  key 
server  that  is  defined  as  the  average  number  of  re-key  messages  transmitted  by  the  key 
server  to  users  per  key  updating,  the  re-key  overhead  at  users  that  is  defined  as  the 
average  number  of  re-key  messages  received  by  the  users  per  key  updating,  and  storage 
overhead  that  is  defined  as  the  average  number  of  keys  stored  at  the  key  server  and  the 
users  (Zhang,  2004). 

A  security  domain  is  a  collection  of  systems  (servers,  devices,  and  so  on)  that 
share  a  common  set  of  keys  and  are  attached  to  an  administered  network.  Security 
domains  provide  a  useful  approach  for  dealing  with  logical  keying  structures  for  data 
protection  in  large-scale  systems  in  which  many  objects  must  be  protected  (Michener, 
2000). 

Harris  (2003)  explains  the  three  principles  and  six  rules  of  key  management.  The 
principles  are  following:  Key  should  not  be  in  clear-text  outside  the  cryptography  device. 
All  of  key  distribution  and  maintenance  should  be  automated  and  hidden  form  the  user. 
Backup  copies  should  be  available  and  easily  accessible  when  required.  In  addition,  the 
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rules  are  following:  The  key  length  should  be  long  enough  to  provide  the  necessary  level 
of  protection.  Keys  should  be  stored  and  transmitted  by  secure  means.  The  key’s  lifetime 
should  correspond  with  the  sensitivity  of  the  data  it  is  protecting.  The  more  the  key  is 
used,  the  shorter  its  lifetime  should  be.  Keys  should  be  backed  up  or  escrowed  incase  of 
emergencies.  Keys  should  be  properly  destroyed  when  their  lifetime  comes  to  an  end. 

The  most  important  design  criteria  for  a  key  management  system  are  listed  below 
(Fumy,  1993). 


1.  Minimize  the  number  and  complexity  of  trusted  mechanisms  involved.  Especially, 
minimize  the  involvement  of  central  mechanisms. 

2.  Minimize  physical  activity,  e.g.,  the  use  of  couriers  should  be  kept  at  a  minimum 
(i.e.,  nonexistent  if  possible).  This  requirement  also  implies  that  for  registration, 
entities  should  not  have  to  travel  far  (for  large  systems,  this  suggests  a  hierarchical 
approach). 

3.  Minimize  the  need  for  physical  security,  e.g.,  the  number  and  size  of  tamper- 
resistant  devices,  or  the  number  of  secure  channels  required. 

4.  Achieve  maximum  flexibility  with  regard  to  specific  key  distribution  protocols  and 
specific  cryptographic  algorithms. 

5.  Achieve  maximum  robustness  (e.g.,  self-synchronization  when  keys  are  updated). 

6.  Ensure  that  if  any  one  entity  is  dishonest,  that  entity  may  be  exposed. 

Table  12.  Design  Criteria  for  Key  Management 
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4.3.3.  Result  and  Analysis 

The  critical  factors  of  key  management  that  I  identified  are  summarized  in  Table 
13  below. 


1.  Key  management  is  evaluated  by  the  number  of  key,  the  information  size,  required 
time,  needed  work. 

2.  Security  domains  provide  a  useful  approach  for  dealing  with  key  management. 

3.  Key  should  not  be  in  clear-text  outside  the  cryptography  device. 

4.  All  of  key  distribution  and  maintenance  should  be  automated  and  hidden  form  the 
user. 

5.  Backup  copies  should  be  available  and  easily  accessible  when  required. 

6.  Minimize  the  number  and  complexity  of  trusted  mechanisms  and  physical  activity, 
and  the  need  for  physical  security 

7.  Achieve  maximum  flexibility  and  robustness 

8.  Ensure  that  if  one  is  dishonest,  it  may  be  exposed 

Table  13.  The  Critical  Factors  of  Key  Management 

There  are  many  references  that  explain  which  key  management  philosophy  is 
better  in  a  particular  network  environment  and  how  to  manage  key  secrecy  effectively. 
However,  there  are  no  abstract  factors  which  seem  to  influence  all  wireless  networks. 
Due  to  their  unique  characteristics,  each  network  type  is  suitable  for  different 
environment.  Wireless  network  (WNs)  are  used  in  the  situation  where  there  is 
infrastructure  to  support  security.  Wireless  sensor  networks  (WSNs)  are  suitable  for  the 
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environment  which  does  not  require  a  lot  of  resources  and  computation  capabilities.  The 
network  environments  such  as  dynamic  topology  and  no  infrastructure  make  it  possible  to 
emerge  the  mobile  ad  hoc  networks  (MANETs).  Table  14  and  Figure  6  together 
summarize  the  fact  that  there  are  no  dominating  factors.  Therefore,  it  is  important  to 
identify  the  characteristics  of  the  network  environment  before  considering  a  particular 
key  management  methodology. 

Table  14  and  Figure  6  show  that  there  are  no  main  dominating  factors.  Most 
factors  influenced  each  of  the  secure  wireless  network.  Moreover,  these  illustrate  that 
some  factors  which  affect  the  particular  wireless  network  are  not  main  factors  in  other 
wireless  networks.  Therefore,  it  is  possible  to  solely  suggest  particular  factors  affecting 
general  wireless  network. 


WN  (7) 

WSN  (21) 

MANET  (28) 

Factor  1 

7 

20 

24 

Factor  2 

6 

17 

14 

Factor  3 

1 

18 

14 

Factor  4 

4 

3 

22 

Factor  5 

3 

12 

17 

Factor  6 

4 

7 

6 

Factor  7 

5 

15 

6 

Factor  8 

3 

17 

3 

Table  14.  The  Number  of  Key  Management  References  Identifying  Critical  Factors 


66 


Wireless  Network 


Wireless  Sensor  Network 


Mobile  Ad  Hoc  Network 


Factor  8 
3% 

Factor ' 
6% 


Factor  1 
22% 


Factor 

1S% 


Factor  6 
6% 


Factor  6 
12% 


Factor  2  Factor  5 
16%  16% 


'Factor  2 
13% 


Factor 

9% 


Factor  3 
13% 


Factor  4 
12% 


Factor  4  Factor  4 


Factor  4 
3% 


Figure  6.  The  Percentage  of  Key  Management  References  Identifying  Critical  Factors 

4.4.  Key  Management  Solutions  in  Secured  Networks 

4.4.1.  Overview 

In  this  section,  we  will  examine  and  discuss  key  management  solutions  in  detail. 
Each  key  management  solution  will  be  explained  and  its  strengths  and  weaknesses  will 
be  discussed.  Finally,  we  will  make  suggestions  which  solution  is  suitable  in  each  secure 
network  environment. 

4.4.2  Key  Management  Solutions 

4.4.2. 1.  Partially  Distributed  Certificate  Authority  (PDCA) 

Using  a  (k,  n)  threshold,  Zhou  (1999)  proposed  this  solution  in  order  to  distribute 
the  services  of  the  certificate  authority  to  specialized  server  nodes.  Each  of  these  nodes 
has  a  capability  to  generate  a  partial  certificate  using  their  share  of  the  certificate  signing 
key.  However,  a  valid  certificate  can  be  obtained  only  by  combining  k  such  partial 
certificates. 
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The  system  contains  three  types  of  nodes;  client,  server  and  combiner  nodes.  The 
client  nodes  are  the  nonnal  users  of  the  network  while  the  server  and  combiner  nodes  are 
part  of  the  certificate  authority.  The  server  nodes  are  responsible  for  generating  partial 
certificates  and  storing  certificates  in  a  directory  structure  allowing  client  nodes  to 
request  for  the  certificates  of  other  nodes.  The  combiner  nodes  which  are  also  server 
nodes  are  responsible  for  combining  the  partial  certificates  into  a  valid  certificate. 
Although  not  stated  implicitly  by  the  authors  the  system  also  has  an  administrative 
authority  which  will  be  tenned  the  dealer.  The  dealer  is  the  only  entity  in  the  system  that 
has  knowledge  of  the  complete  certificate  signing  key  skCA . 

Every  node  in  the  network  has  a  public/private  key  pair  and  it  is  the 
responsibility  of  the  dealer  to  issue  the  initial  certificate  for  the  nodes  public  key  as  well 
as  distributing  the  public  key  pkCA  of  the  certificate  authority  which  is  needed  to  verify 
the  certificates. 

The  certificate  authority  as  a  whole  has  a  public/private  key  pair,  pkCA  /  skCA  of 
which  the  public  key  is  known  to  all  network  nodes.  The  private  key  skCA ,  is  shared 

among  the  server  nodes  according  to  Shamir’s  secret  sharing  scheme  (Fokine,  2002). 

Figure  7  illustrates  the  different  components  of  the  system. 
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Server  Node 


Server  Node  '•  Server  Node 


Figure  7.  Partially  Distributed  Certificate  Authority  (Fokine,  2002) 


4.4. 2.2.  Fully  Distributed  Certificate  Authority  (FDCA) 

This  solution  is  introduced  by  (Luo,  2000;  Kong,  2001;  Luo,  2002).  In  order  to 
distribute  an  RSA  certificate  signing  key  to  all  nodes  in  the  network,  a  (k,  n)  threshold 
scheme  is  used.  It  also  uses  verifiable  and  proactive  secret  sharing  mechanisms  to  protect 
against  denial  of  service  attacks  and  compromise  of  the  certificate  signing  key.  The 
service  of  a  certificate  authority  is  distributed  to  a  set  of  specialized  server  nodes.  By 
using  secret  sharing,  each  of  these  nodes  can  generate  partial  certificates  and  by 
combining  enough  of  them  a  valid  certificate  can  be  created. 

In  this  solution,  the  capabilities  of  the  CA  are  distributed  to  all  nodes  in  the  ad 
hoc  network,  see  Figure  8.  Any  operations  requiring  the  CA’s  private  key  skCA  can  only 
be  perfonned  by  a  coalition  of  k  or  more  nodes.  The  services  provided  by  the  CA  can  be 
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grouped  as  certificate  related  services  and  system  maintenance  services.  The  certificate 
related  services  include  certificate  renewal  and  revocation. 

The  system  maintenance  services  include  incorporating  joining  nodes  into  the 
CA,  i.e.  provide  them  with  their  share  of  the  CA’s  private  key  skCA .  This  service  is  called 
share  initialization.  The  system  maintenance  also  includes  proactively  updating  the  shares 
of  the  CA’s  private  key  to  protect  it  from  being  compromised.  This  service  is  termed 
share  update. 

The  availability  of  the  service  is  based  on  the  assumption  that  every  node  will 
have  a  minimum  of  k  one -hop  neighbors  and  that  the  nodes  are  provided  with  a  valid 
certificate  prior  to  their  joining  the  network.  The  system  then  provides  services  to 
maintain  and  update  these  initial  certificates  (Fokine,  2002). 


Figure  8.  Fully  Distributed  Certificate  Authority  (Fokine,  2002) 
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4.4.23.  Zero  Knowledge  Proofs  (ZKP) 

There  are  different  possibilities  of  authentication,  which  use  either  a  Trusted 
Third  Part  (TTP)  or  a  Chain  of  Trust.  Recently,  a  lot  of  research  has  been  interested  in  the 
field  of  Zero  Knowledge  Proofs.  In  theory,  Zero  Knowledge  Proofs  (ZKPs)  is  introduced 
by  (Goldwasser,  1991).  This  method  provides  a  good  solution  to  node  identification.  Zero 
Knowledge  Proofs  allow  one  party  to  prove  its  knowledge  of  a  secret  to  another  party 
without  revealing  any  information  of  the  secret  itself. 

Suppose  that  Alice  knows  a  fact.  She  wants  to  convince  Bob  that  she  knows  P,  but 
she  does  not  trust  Bob.  Thus,  Alice  does  not  want  to  reveal  nay  more  knowledge  to  Bob 
than  is  necessary.  What  Alice  needs  is  a  zero-knowledge  proof  of  P. 

For  example,  suppose  that  Alice  wants  to  prove  to  Bob  that  she  really  is  Alice. 
Suppose  for  convenience  that  there  is  some  authority  that  verifies  identities.  One 
possibility  is  that  the  authority  could  issue  Alice  identification.  If  this  were  contained  on 
a  device  such  as  a  smart  card,  Alice  could  simply  show  it  to  Bob.  However,  if  Alice  and 
Bob  are  communicating  over  a  network,  then  Alice’s  identifying  infonnation  would  have 
to  be  transmitted  to  Bob  over  the  network.  On  receiving  it,  Bob  could  use  it  to 
impersonate  Alice.  Even  if  Bob  were  trusted,  an  eavesdropper  such  as  Alice’s  adversary 
Carol  could  do  the  same. 

This  situation  also  arises  commonly  in  computer  access  control:  Bob  might  then  be  a 
host  computer  or  network  server,  and  Alice’s  identification  might  be  a  password.  If  Alice 
uses  her  password  to  identify  herself,  her  password  is  exposed  to  the  host  software  as 
well  as  eavesdroppers;  anyone  who  knows  this  password  can  impersonate  Alice.  It  is  thus 
desirable  for  Alice  to  be  able  to  prove  her  identity  without  revealing  any  private 
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information.  More  generally,  we  need  a  scheme  through  which  Alice  can  prove  to  Bob 
that  she  possesses  something  such  as  passwords  without  having  to  reveal  it.  Such  a 
scheme  is  an  example  of  a  zero-knowledge  proof.  In  fact,  this  example  is  the  major 
practical  use  of  zero-knowledge  that  has  been  suggested  to  date. 

Here  is  one  way  that  such  a  system  could  be  organized.  The  authority  decides  on  a 
number  N  used  for  everyone;  for  example,  take  N  =  77  .  Everyone  knows  this  number. 
The  authority  may  then  choose,  for  example,  two  numbers  that  form  an  ID  for  Alice. 
Suppose  these  are  {58,  67}.  Everyone  knows  Alice’s  ID.  The  authority  then  computes 
two  other  numbers  {9,  10}  that  are  given  to  Alice  alone;  she  keeps  these  private.  The 
latter  numbers  were  chosen  because  92  x58  =  1  (mod  77)  and  102  x67  =  1  (mod  77) . 
Now,  Alice  can  identify  herself  to  Bob  by  proving  that  she  possesses  the  secret  number 
{9,  10}  without  revealing  them.  Each  time  she  wishes  to  do  this,  she  can  proceed  as 
follows. 

She  can  choose  some  random  numbers  such  as  { 19,  24,  51}  and  compute 

192  =  53  (mod  77) 

242  =  37  (mod  77) 

5 12  =  60  (mod  77) 

Alice  then  sends  {53,  37,  60}  to  Bob.  Bob  chooses  a  random  3  by  2  matrix  of  0’s 
and  l’s,  for  example, 

0  1 
E=  1  0 
1  1 

Bob  sends  E  to  Alice.  On  receipt,  Alice  computes. 
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19x9°  xlO1  =  36  (mod  77) 

24x9*  xlO°  =  62  (mod  77) 

51x9'  xlO'  =47  (mod  77) 

Alice  sends  {36,  62,  47}  to  Bob.  Finally,  Bob  can  check  to  see  that  Alice  is  who  she 
says  she  is.  He  does  this  by  checking  that 

362x58°x67‘  =53  (mod  77) 

622  x 581  x  67°  =37  (mod  77) 

472x581x671  =60  (mod  77) 

The  original  numbers  {53,  37,  60}  that  Alice  sent  reappear.  Actually,  this  doesn’t 
really  prove  Alice’s  identity;  she  could  have  been  an  impersonator.  But  the  chances  of  an 
impersonator  succeeding  would  have  been  only  1  in  64. 

In  an  actual  system,  the  number  N  would  have  been  much  larger  (for  example,  160 
digits).  Also,  Alice  would  have  been  assigned  an  ID  consisting  of  more  number,  for 
example,  4,  by  the  authority,  with  a  secret  also  consisting  of  four  numbers.  Furthennore, 
Alice  would  have  generated  more  random  numbers,  for  example,  5,  to  send  to  Bob.  The 
ID  numbers,  secret  numbers,  and  random  numbers  would  have  been  about  as  large  as  N. 
This  would  have  reduced  an  impersonator’s  chances  of  cheating  successfully  to  about  1 
in  a  million  (more  precisely  2  20 )  if  4  and  5  are  the  parameters,  which  certainly  would 
have  convinced  Bob  of  Alice’s  identity  (Mollin,  2003). 
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4. 4.2. 4.  Self  Issued  Certificates  (SIC) 

This  solution  is  proposed  by  Hubaux  (2001).  This  provides  a  public  key 
management  solution  similar  to  Pretty  Good  Privacy  (PGP)  (Garfinkel,  1995)  in  the  sense 
that  certificates  are  issued  by  the  users  themselves  without  the  aid  of  any  certification 
authority. 

This  solution,  like  PGP,  deals  with  the  problem  of  distributing  public  keys  in  an 
authenticated  manner.  Unlike  traditional  PKI  solutions,  in  PGP  the  public  keys  aren’t 
certified  by  some  trusted  third  party,  e.g.  a  CA.  Instead  each  user  has  the  capability  of 
certifying  the  public  keys  of  other  users.  It  is  then  up  to  each  user  to  detennine  how  much 
trust  to  place  in  a  specific  certificate.  Figure  9  illustrates  a  simple  example  of  how  PGP 
works.  Bob  has  issued  a  certificate  to  Chris  thus  stating  that  pkchris  really  is  the  public 

key  belonging  to  Chris.  Alice  has  also  issued  a  certificate  to  Bob,  indicating  that  pkBob  is 

really  the  public  key  belonging  to  Bob.  Alice  also  trusts  Bob  not  to  issue  any  false 
certificates,  thus  Alice  will  trust  any  certificates  issued  by  him.  Therefore  having 
cert Alice, Bob  anc'  cert Bob, Chris  >  Alice  can  verify  that  pkchris  is  authentic.  She  can  then 
securely  communicate  with  Chris  even  though  they  have  never  met  (Fokine,  2002). 
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Figure  9.  Example  of  a  certificate  chain  (Fokine,  2002) 

In  PGP,  public  key  servers,  i.e.  certificate  directories  are  used  to  distribute 
certificates;  however  in  ad  hoc  networks  no  such  servers  are  available  and  therefore  the 
solution  proposed  by  Hubaux  (2001)  relies  on  the  users  to  distribute  and  store  the 
certificates  themselves.  Each  user  stores  a  small  number  of  certificates  that  have  been 
issued.  When  two  users  wish  to  authenticate  each  others’  public  keys,  they  try  to  find  a 
certificate  chain  using  only  the  certificates  stored  in  their  combined  local  certificate 
repositories  (Fokine,  2002). 
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Figure  10.  Building  certificate  chains  (Fokine,  2002) 
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4. 4.2. 5.  Password  Authenticated  Key  Exchange  (PAKE) 

Asokan  (2000)  introduced  a  password  authenticated  group  key  agreement 
protocol.  He  considered  a  collaborative  network  scenario  where  a  group  of  people  wishes 
to  establish  a  secure  wireless  network  during  a  meeting.  In  order  to  obtain  such  a 
security,  a  written  password  is  selected.  The  protocol  used  in  this  solution  is  based  on  the 
Diffie-Hellman  key  agreement  protocol. 

The  meeting  members  have  no  means  of  authenticating  the  other  members  using 
e.g.  digital  certificates.  Therefore  a  simple  password  is  chosen  and  e.g.  written  on  a 
whiteboard.  Using  this  weak  password  the  members  can  engage  in  the  password 
authenticated  Hypercube  protocol  which  results  in  them  sharing  a  strong  secret.  The  key 
agreement  protocol  needs  to  be  authenticated  to  protect  against  active  attacks,  e.g.  man- 
in-the-middle  attacks. 

A  number  of  group  key  establishment  protocols  are  compared  along  with  the 
Hypercube  protocol.  The  nodes  participating  in  the  protocol  are  arranged  as  the  vertices 
in  a  d-dimensional  cube,  a  hypercube.  The  protocol  then  consists  of  d  rounds  of  two-party 
Diffie-Hellman  key  exchange.  During  each  round  j  =  1, . . .,  d  a  node  performs  the  two- 
party  key  exchange  with  its  neighbor  in  the  j :  th  dimension.  In  the  first  round  each  node  i 
uses  his  own  secret  xt  as  the  exponent.  In  the  following  rounds  the  key  obtained  from  the 

previous  round  is  used  as  the  secret  exponent. 

Figure  1 1  illustrates  the  Hypercube  protocol  where  the  number  of  participants  is 
four,  i.e.  d  =  2  .  In  the  first  round  nodes  1  and  2  perform  a  two-party  Diffie-Hellman  key 
exchange,  in  parallel  nodes  3  and  4  do  the  same.  After  the  first  round  the  pairs  (1,  2)  and 
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(3,  4)  share  a  common  secret  kx  2  and  k3  4 .  In  the  second  and  final  round  nodes  1  and  3 

perform  a  two-party  Diffie-Hellman  key  exchange,  as  do  nodes  2  and  4.  The  key 
exchange  in  the  previous  round  is  now  used  as  the  secret  exponent  in  the  Diffie-Hellman 

key  exchange.  E.g.  node  1  sends  gk' 1  mod  p  to  node  3  and  node  3  sends  gki A  mod  p  to 
node  1.  After  the  second  round  is  complete  all  four  nodes  share  a  secret  k  (Fokine,  2002) 


mod  p 


Figure  11.  The  Hypercube  protocol  used  to  provide  four  nodes  (Fokine,  2002) 


4.4.3.  Analysis 

Both  Partially  Distributed  Certificate  Authority  (PDCA)  and  Fully  Distributed 
Certificate  Authority  (FDCA)  use  the  concept  of  (k,  n)  threshold  in  order  to  distribute  the 
service  of  certificate  authority.  In  PDCA,  there  are  special  server  nodes  which  provide 
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generate  partial  certificates  and  allow  client  nodes  to  request  for  the  certificates  of  other 
nodes.  For  this  reason,  it  is  required  to  select  the  special  nodes.  On  the  other  hand, 
FDCA  allows  each  node  to  certificate  themselves  without  any  special  nodes.  Strong 
certificates  may  be  not  expected  depending  on  the  function  of  each  node.  Zero 
Knowledge  Proof  (ZKP)  allows  identifying  without  revealing  any  infonnation  related 
secret.  Although  this  requires  less  computation  power,  this  may  result  in  increasing 
overheads  as  increasing  users.  Self  Issue  Certificates  (SIC)  manage  the  key  distribution 
in  a  similar  fashion  to  Pretty  Good  Privacy  (PGP).  It  does  not  require  infrastructure,  but 
the  initial  phase  is  required.  Finally,  Password  Authenticated  Key  Exchange  (PAKE) 
makes  meeting  members  to  share  strong  secret  using  weak  password.  However,  it  is 
group-oriented.  The  advantages  and  weaknesses  are  summarized  in  Table  15, 


78 


Advantage 

Weakness 

PDCA 

The  solution  is  suitable  for  planned, 
long-term  ad  hoc  networks.  Since  it  is 
based  on  public  key  encryption  it 
requires  that  the  all  the  nodes  are 
capable  of  performing  the  necessary 
computations. 

This  solution  requires  that  a  server- 
and  organizational/ administrative 
infrastructure  is  available  and 
therefore  is  only  applicable  to  a  subset 
of  ad  hoc  network  applications. 

FDCA 

This  solution  is  aimed  towards 
planned,  long-term  ad  hoc  networks 
with  nodes  capable  of  public  key 
encryption.  However,  since  the 
service  is  distributed  among  all  the 
nodes  when  they  join  the  network, 
there  is  no  need  to  elect  or  choose  any 
specialized  server  nodes. 

A  larger  number  of  shares  are  exposed 
to  compromise  since  each  node  has  its 
own  share  as  compared  to  only  the 
specialized  server  nodes  in  the 
partially  distributed  solution. 

ZKP 

ZKPs  typically  require  significantly 
less  computing  power  than  traditional 
identification  paradigms,  which 
makes  them  especially  appealing  for 
ad  hoc  networks. 

The  problem  with  this  proof  is  that  it 
affords  interaction  between  prover 
and  verifier. 

It  is  means  an  increase  of  overheads 
in  communication  between  the  parties 
involved  in  the  authentication  process. 

SIC 

The  main  benefit  of  this  solution  is 
that  it  doesn’t  require  any  form  of 
infrastructure  neither  routing,  server 
or  organizational/admin istrativc. 

It  requires  an  initial  phase  during 
which  its  effectiveness  is  limited  and 
therefore  it  is  unsuitable  for  short¬ 
term  networks. 

PAKE 

Using  the  weak  password  the 
members,  they  are  able  to  share  a 
strong  secret. 

This  is  a  group-oriented  solution  since 
it  doesn’t  allow  for  authentication  of 
individual  nodes. 

Table  15.  Advantages  and  Weaknesses  of  Solutions 


From  the  advantages  and  weaknesses  of  each  solution,  we  suggest  which 
network  is  a  suitable  solutions.  Table  16  illustrates  the  comparison  in  each  wireless 
network.  This  table  shows  which  solution  may  be  more  suitable  for  a  given  wireless 
network.  PDCA  and  FDCA  are  suitable  for  WSNs  and  MANETs  since  the  nodes  in  the 
network  function  as  a  router.  ZKP  is  suitable  for  WNs  and  MANETs  since  it  requires  less 
computing  power.  SIC  is  suitable  for  WNs  and  MANETs.  Since  the  initial  phase  is 
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required,  many  problems  may  occur  in  WSNs.  PAKE  have  limitations  using  WSNs  and 
MANETs  where  there  is  no  infrastructure  to  support  security  services.  Table  16  explains 
which  solution  is  suitable  to  apply  to  each  network  environment. 


WN 

WSN 

MANET 

PDCA 

V 

V 

FDCA 

V 

V 

ZKP 

V 

V 

SIC 

V 

V 

PAKE 

V 

Table  16.  A  Comparison  of  Solutions  in  Each  Wireless  Network  Environment 


80 


V.  Discussion  and  Conclusions 


5.1.  Overview 

In  chapter  4,  we  examined  the  most  important  characteristics  of  implementing 
security  in  wireless  network  environments.  We  also  identified  critical  factors  which 
determine  if  a  key  management  methodology  is  effective  in  a  given  network 
environment.  We  identified  and  discussed  common  problems  encountered  when 
deploying  key  management  and  discussed  possible  solutions.  In  this  chapter,  we  will 
apply  the  knowledge  we  gained  in  chapter  4  and  discuss  them  in  the  context  of  answering 
the  research  questions.  Finally,  we  will  present  the  findings  of  the  research,  the 
significance  of  research  findings,  and  provide  recommendations  for  future  research. 

5.2.  Discussion 

In  chapter  1 ,  we  presented  the  primary  research  question  and  five  related 
investigative  questions  in  order  to  assess  and  identify  existing  key  management 
techniques  in  secure  communication  network  and  to  identify  the  strengths  and 
weaknesses  inherent  in  their  design.  The  primary  research  question  to  be  answered  was 
“  What  are  characteristics  in  using  Key  Management  in  wireless  network?  ”  and  five 
investigated  questions  are  below. 

1)  What  are  the  characteristics  of  various  secure  wireless  communications? 

2)  What  are  the  problems  of  implementing  secure  wireless  network? 

3)  What  are  the  critical  success  factors  in  deployment  of  a  secure  wireless  network? 

4)  What  cryptographic  techniques  are  possible  in  secure  wireless  network? 
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5)  What  is  the  advantages/weakness  of  each  cryptography  technique? 

The  first  question  is  what  are  the  characteristics  of  various  secure  wireless 
communications?  In  order  to  answer  this  question,  we  investigated  the  characteristics  of 
various  network  environments.  Generally,  Wireless  Networks  (WN)  have  infrastructure 
to  support  security.  The  networks  are  easy  and  flexible  to  establish,  but  they  are 
vulnerable  to  suffer  from  potential  attack.  Wireless  Sensor  Network  (WSN)  have  unique 
characteristics  such  that  low-power,  self-power,  and  low  cost.  However,  the  sensor  nodes 
have  limited  sources.  Mobile  ad  hoc  networks  (MANETs)  establish  the  temporary 
network  without  infrastructure.  Due  to  this  characteristic,  this  network  is  more  flexible 
than  wireless  network,  and  has  dynamic  topology.  However,  this  has  critical  problem  of 
security. 

The  second  question  is  what  are  the  problems  of  implementing  secure  wireless 
network?  The  problems  we  identified  in  implementing  secure  network  focused  on  the 
issues  related  to  key  management.  The  major  problems  identified  are  key  distribution  and 
the  lack  of  resources  such  as  storage  and  computational  capability  to  enable  encryption. 
In  conventional  networks,  key  distribution  is  centralized,  uses  fixed  infrastructure,  and  is 
deployed  by  the  organization  to  support  the  network.  In  contrast,  the  wireless  network 
environment  creates  difficulties  due  to  it  lack  of  infrastructure.  In  addition,  the  nodes  of 
wireless  network  typically  have  limited  resources  which  severely  limits  the  possible 
cryptographic  solutions.  Thus,  if  it  is  desired  to  implement  strong  security  in  a  wireless 
network,  the  nodes  in  the  network  should  be  designed  with  sufficient  storage  and 
computational  power  to  support  the  desired  cryptography  solution. 
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The  third  question  is  what  are  the  critical  success  factors  in  deployment  of  a 
secure  wireless  network?  In  order  to  overcome  the  stated  problems,  we  looked  for 
critical  issues  when  implementing  key  management.  In  order  to  secure  a  network,  one 
must  consider  how  key  management  is  implemented.  A  review  of  the  relevant  literature, 
well  defined  policies,  procedures,  and  processes  to  support  key  generation,  key  storage, 
key  distribution,  key  updating,  key  revocation,  and  certificate  service  must  be  defined.  In 
order  to  realize  effective  key  management,  it  is  important  to  identify  the  characteristics 
and  problem  of  network  environment  and  to  employ  appropriate  solution  in  the  network. 

The  fourth  question  is  what  types  of  cryptography  are  used  to  secure  wireless 
network?  This  research  identified  several  solutions  used  in  securing  network.  The 
partially  distributed  certificate  authority  and  fully  distributed  certificated  authority 
employed  the  concept  of  (k,  n)  threshold.  The  zero  knowledge  proof  is  novel  identity 
technique  which  proves  its  knowledge  of  a  secret  to  another  without  revealing  any 
information.  Self  issued  certificate  issues  certificate  without  any  aid  of  certification 
authority  is  similar  to  Pretty  Good  Privacy  (PGP).  Finally,  password  authenticated  key 
exchange  is  authenticated  group  key  agreement  protocol  using  password. 

The  fifth  question  is  what  is  the  advantages/weakness  of  each  cryptography 
technique?  We  examined  the  advantage  and  weakness  of  each  solution.  Partially 
distributed  certificate  authority  and  fully  distributed  certificate  authority  are  designed  to 
be  suitable  for  ad  hoc  networks.  Zero  knowledge  proof  requires  less  computing  power, 
but  the  network  overhead  is  increased  as  the  participants  are  increased.  Self  issued 
certificate  does  not  require  infrastructure.  In  order  to  effective  communication,  however, 
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an  initial  phase  is  preceded.  In  password  authenticate  key  exchange,  the  member  of  a 
group  are  able  to  share  a  strong  secret  using  the  weak  password. 

5.3.  Conclusion 

The  objective  of  research  is  to  provide  guidelines  for  successful  implementation 
in  secure  wireless  communication  network.  This  research  effort  was  an  attempt  to  look 
for  the  critical  factors  in  implementing  key  management  in  various  wireless  network 
environments  in  order  to  support  secure  communication  in  military  operation. 

In  this  research,  we  have  found  that  secure  communication  must  be  supported  by 
strong  key  management.  In  addition,  when  secure  communications  are  constructed,  the 
network  environment  should  be  identified  and  appropriate  security  methods  should  be 
provided.  Even  if  a  technically  sound  secure  communications  is  constructed,  the 
underlying  security  can  be  easily  compromised  without  strong  key  management.  It  is 
recommended  that  WSN  and  MANET  nodes  be  designed  with  increased  computational 
and  storage  capability  to  support  stronger  cryptographic  mechanisms. 

5.4.  Significance 

The  research  finding  have  identified  best  practices  and  guidelines  used  when 
securing  a  wireless  communications  environment.  A  comparison  between  cryptographic 
solutions  in  terms  of  their  strength  and  key  management  complexity  was  provided  to 
enable  the  best  selection  for  a  given  application.  The  research  findings  can  aid  in 
deploying  secure  communications  in  the  military  operations,  law  enforcement,  and 
disaster  response  domains. 
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5.5.  Future  Research 


This  research  focused  only  on  the  wireless  network  environment.  A  broader  study 
which  examines  all  network  topologies  would  provide  additional  insight  into  problems 
and  solutions  in  key  management. 

Future  research  could  explore  the  military  communication  environment  in  detail 
and  possible  compare  and  contrast  with  the  non-military  communication  environment. 
This  would  prove  beneficial  because  of  the  unique  characteristics  of  military 
communication  could  be  identified  and  the  possible  solutions  could  be  suggested.  This 
work  could  provide  a  similar  analysis  to  this  study  with  the  intent  of  providing  effective 
guidelines  to  implement  securing  military  communication  network. 

5.6.  Summary 

Key  management  issues  are  very  important  in  secure  communications  network. 
Since  existing  key  management  solutions  are  based  on  fixed  networks,  advanced  wireless 
network  technologies  such  as  wireless  sensor  network  and  mobile  ad  hoc  network  require 
more  interests  and  effort  to  apply  to  military  network.  In  this  chapter,  we  answered  the 
research  questions  we  fonnulated  and  identified  important  guidelines  when  constructing  a 
secure  wireless  networks. 
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